VirtualBox

Ticket #13187: VBoxStartup.5.log

File VBoxStartup.5.log, 237.2 KB (added by Wouter Kariboe, 10 years ago)

DOS VM refusing to start with "Exit code 1"

Line 
154c.d08: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
254c.d08: Calling main()
354c.d08: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
454c.d08: SUPR3HardenedMain: Respawn #1
554c.d08: System32: \Device\HarddiskVolume1\Windows\System32
654c.d08: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
754c.d08: ProgDir: \Device\HarddiskVolume1\Program Files
854c.d08: ComDir: \Device\HarddiskVolume1\Program Files\Common Files
954c.d08: ProgDir32: \Device\HarddiskVolume1\Program Files (x86)
1054c.d08: ComDir32: \Device\HarddiskVolume1\Program Files (x86)\Common Files
1154c.d08: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1254c.d08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1354c.d08: supR3HardNtEnableThreadCreation:
1454c.d08: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c1c340 pvNtTerminateThread=0000000077c417e0
1554c.d08: supR3HardenedWinDoReSpawn(1): New child 810.f98 [kernel32].
1654c.d08: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffd5000 cbPeb=0x380
1754c.d08: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077bf0000 uNtDllChildAddr=0000000077bf0000
1854c.d08: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=0000000077c1c340 uNtTerminateThread=0000000077c417e0
1954c.d08: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c1c340 pvNtTerminateThread=0000000077c417e0
2054c.d08: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd]
2154c.d08: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 00000000002a0000 LB 0x1a9000
2254c.d08: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll
2354c.d08: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 00000000779d0000 LB 0x11f000
2454c.d08: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll
2554c.d08: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 000007fefdd50000 LB 0x6c000
2654c.d08: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 31 ms
2754c.d08: supR3HardNtEnableThreadCreation:
2854c.d08: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2954c.d08: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3054c.d08: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3154c.d08: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3254c.d08: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3354c.d08: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3454c.d08: 0000000000041000-ffffffffffee1fff 0x0001/0x0000 0x0000000
3554c.d08: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
3654c.d08: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
3754c.d08: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
3854c.d08: 00000000002a0000-ffffffff8894ffff 0x0001/0x0000 0x0000000
3954c.d08: *0000000077bf0000-0000000077beefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
4054c.d08: 0000000077bf1000-0000000077aeefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
4154c.d08: 0000000077cf3000-0000000077cc3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
4254c.d08: 0000000077d22000-0000000077d19fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
4354c.d08: 0000000077d2a000-0000000077d28fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
4454c.d08: 0000000077d2b000-0000000077d27fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
4554c.d08: 0000000077d2e000-0000000077cc2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
4654c.d08: 0000000077d99000-0000000070b51fff 0x0001/0x0000 0x0000000
4754c.d08: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4854c.d08: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4954c.d08: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5054c.d08: 000000007fff0000-ffffffffc0d2ffff 0x0001/0x0000 0x0000000
5154c.d08: *000000013f2b0000-000000013f2aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5254c.d08: 000000013f2b1000-000000013f231fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5354c.d08: 000000013f330000-000000013f32efff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5454c.d08: 000000013f331000-000000013f2f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5554c.d08: 000000013f368000-000000013f35efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5654c.d08: 000000013f371000-000000013f337fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5754c.d08: 000000013f3aa000-fffff8037e843fff 0x0001/0x0000 0x0000000
5854c.d08: *000007fefff10000-000007fefff0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
5954c.d08: 000007fefff11000-000007fdffe71fff 0x0001/0x0000 0x0000000
6054c.d08: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
6154c.d08: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
6254c.d08: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
6354c.d08: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
6454c.d08: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
6554c.d08: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
6654c.d08: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6754c.d08: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
6854c.d08: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
69810.f98: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
70810.f98: Calling main()
71810.f98: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
72810.f98: System32: \Device\HarddiskVolume1\Windows\System32
73810.f98: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
74810.f98: ProgDir: \Device\HarddiskVolume1\Program Files
75810.f98: ComDir: \Device\HarddiskVolume1\Program Files\Common Files
76810.f98: ProgDir32: \Device\HarddiskVolume1\Program Files (x86)
77810.f98: ComDir32: \Device\HarddiskVolume1\Program Files (x86)\Common Files
78810.f98: supR3HardenedWinInit: Startup delay kludge #2/0: 125 ms, 8 sleeps
79810.f98: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
80810.f98: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
81810.f98: *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000
82810.f98: 0000000000020000-000000000000ffff 0x0001/0x0000 0x0000000
83810.f98: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
84810.f98: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
85810.f98: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
86810.f98: 0000000000041000-ffffffffffff1fff 0x0001/0x0000 0x0000000
87810.f98: *0000000000090000-000000000000dfff 0x0004/0x0004 0x0020000
88810.f98: 0000000000112000-0000000000093fff 0x0000/0x0004 0x0020000
89810.f98: 0000000000190000-000000000017ffff 0x0001/0x0000 0x0000000
90810.f98: *00000000001a0000-00000000000a4fff 0x0000/0x0004 0x0020000
91810.f98: 000000000029b000-0000000000298fff 0x0104/0x0004 0x0020000
92810.f98: 000000000029d000-0000000000299fff 0x0004/0x0004 0x0020000
93810.f98: *00000000002a0000-0000000000238fff 0x0002/0x0002 0x0040000
94810.f98: 0000000000307000-00000000002fdfff 0x0001/0x0000 0x0000000
95810.f98: *0000000000310000-0000000000165fff 0x0004/0x0004 0x0020000
96810.f98: 00000000004ba000-ffffffff88fa3fff 0x0001/0x0000 0x0000000
97810.f98: *00000000779d0000-00000000779cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
98810.f98: 00000000779d1000-0000000077935fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
99810.f98: 0000000077a6c000-00000000779fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
100810.f98: 0000000077ada000-0000000077ad7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
101810.f98: 0000000077adc000-0000000077ac8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
102810.f98: 0000000077aef000-00000000779edfff 0x0001/0x0000 0x0000000
103810.f98: *0000000077bf0000-0000000077beefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
104810.f98: 0000000077bf1000-0000000077aeefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
105810.f98: 0000000077cf3000-0000000077cc3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
106810.f98: 0000000077d22000-0000000077d20fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
107810.f98: 0000000077d23000-0000000077d21fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
108810.f98: 0000000077d24000-0000000077d22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
109810.f98: 0000000077d25000-0000000077d22fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
110810.f98: 0000000077d27000-0000000077d25fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
111810.f98: 0000000077d28000-0000000077d26fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
112810.f98: 0000000077d29000-0000000077d26fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
113810.f98: 0000000077d2b000-0000000077d29fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
114810.f98: 0000000077d2c000-0000000077d29fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
115810.f98: 0000000077d2e000-0000000077cc2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
116810.f98: 0000000077d99000-0000000070b51fff 0x0001/0x0000 0x0000000
117810.f98: *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000
118810.f98: 000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000
119810.f98: *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000
120810.f98: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
121810.f98: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
122810.f98: 000000007fff0000-ffffffffc0d2ffff 0x0001/0x0000 0x0000000
123810.f98: *000000013f2b0000-000000013f2aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
124810.f98: 000000013f2b1000-000000013f231fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
125810.f98: 000000013f330000-000000013f32efff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
126810.f98: 000000013f331000-000000013f2f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
127810.f98: 000000013f368000-000000013f35efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
128810.f98: 000000013f371000-000000013f337fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
129810.f98: 000000013f3aa000-fffff80380a03fff 0x0001/0x0000 0x0000000
130810.f98: *000007fefdd50000-000007fefdd4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
131810.f98: 000007fefdd51000-000007fefdd06fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
132810.f98: 000007fefdd9b000-000007fefdd84fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
133810.f98: 000007fefddb1000-000007fefddaefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
134810.f98: 000007fefddb3000-000007fefdda9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
135810.f98: 000007fefddbc000-000007fefbc67fff 0x0001/0x0000 0x0000000
136810.f98: *000007fefff10000-000007fefff0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
137810.f98: 000007fefff11000-000007fdffe71fff 0x0001/0x0000 0x0000000
138810.f98: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
139810.f98: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
140810.f98: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
141810.f98: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
142810.f98: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
143810.f98: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
144810.f98: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
145810.f98: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
146810.f98: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
147810.f98: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
148810.f98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
149810.f98: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY
150810.f98: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
151810.f98: *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000
152810.f98: 0000000000020000-000000000000ffff 0x0001/0x0000 0x0000000
153810.f98: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
154810.f98: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
155810.f98: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
156810.f98: 0000000000041000-ffffffffffff1fff 0x0001/0x0000 0x0000000
157810.f98: *0000000000090000-fffffffffff95fff 0x0004/0x0004 0x0020000
158810.f98: 000000000018a000-0000000000183fff 0x0000/0x0004 0x0020000
159810.f98: 0000000000190000-000000000017ffff 0x0001/0x0000 0x0000000
160810.f98: *00000000001a0000-00000000000a5fff 0x0000/0x0004 0x0020000
161810.f98: 000000000029a000-0000000000297fff 0x0104/0x0004 0x0020000
162810.f98: 000000000029c000-0000000000297fff 0x0004/0x0004 0x0020000
163810.f98: *00000000002a0000-0000000000238fff 0x0002/0x0002 0x0040000
164810.f98: 0000000000307000-00000000002fdfff 0x0001/0x0000 0x0000000
165810.f98: *0000000000310000-0000000000165fff 0x0004/0x0004 0x0020000
166810.f98: 00000000004ba000-00000000004b3fff 0x0001/0x0000 0x0000000
167810.f98: *00000000004c0000-00000000003c3fff 0x0004/0x0004 0x0020000
168810.f98: 00000000005bc000-00000000005b7fff 0x0000/0x0004 0x0020000
169810.f98: *00000000005c0000-0000000000541fff 0x0004/0x0004 0x0020000
170810.f98: 000000000063e000-00000000004bbfff 0x0000/0x0004 0x0020000
171810.f98: *00000000007c0000-000000000069ffff 0x0004/0x0004 0x0020000
172810.f98: 00000000008e0000-ffffffff897effff 0x0001/0x0000 0x0000000
173810.f98: *00000000779d0000-00000000779cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
174810.f98: 00000000779d1000-0000000077935fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
175810.f98: 0000000077a6c000-00000000779fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
176810.f98: 0000000077ada000-0000000077ad7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
177810.f98: 0000000077adc000-0000000077ac8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
178810.f98: 0000000077aef000-00000000779edfff 0x0001/0x0000 0x0000000
179810.f98: *0000000077bf0000-0000000077beefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
180810.f98: 0000000077bf1000-0000000077aeefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
181810.f98: 0000000077cf3000-0000000077cc3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
182810.f98: 0000000077d22000-0000000077d20fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
183810.f98: 0000000077d23000-0000000077d21fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
184810.f98: 0000000077d24000-0000000077d22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
185810.f98: 0000000077d25000-0000000077d22fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
186810.f98: 0000000077d27000-0000000077d25fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
187810.f98: 0000000077d28000-0000000077d26fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
188810.f98: 0000000077d29000-0000000077d26fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
189810.f98: 0000000077d2b000-0000000077d29fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
190810.f98: 0000000077d2c000-0000000077d29fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
191810.f98: 0000000077d2e000-0000000077cc2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
192810.f98: 0000000077d99000-0000000077d91fff 0x0001/0x0000 0x0000000
193810.f98: *0000000077da0000-0000000077d9efff 0x0004/0x0004 0x0020000
194810.f98: 0000000077da1000-0000000070b61fff 0x0001/0x0000 0x0000000
195810.f98: *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000
196810.f98: 000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000
197810.f98: *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000
198810.f98: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
199810.f98: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
200810.f98: 000000007fff0000-ffffffffc0d2ffff 0x0001/0x0000 0x0000000
201810.f98: *000000013f2b0000-000000013f2aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
202810.f98: 000000013f2b1000-000000013f230fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
203810.f98: 000000013f331000-000000013f2f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
204810.f98: 000000013f368000-000000013f35efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
205810.f98: 000000013f371000-000000013f337fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
206810.f98: 000000013f3aa000-fffff80380a03fff 0x0001/0x0000 0x0000000
207810.f98: *000007fefdd50000-000007fefdd4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
208810.f98: 000007fefdd51000-000007fefdd06fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
209810.f98: 000007fefdd9b000-000007fefdd84fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
210810.f98: 000007fefddb1000-000007fefddaefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
211810.f98: 000007fefddb3000-000007fefdda9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
212810.f98: 000007fefddbc000-000007fefbc67fff 0x0001/0x0000 0x0000000
213810.f98: *000007fefff10000-000007fefff0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
214810.f98: 000007fefff11000-000007fdffe71fff 0x0001/0x0000 0x0000000
215810.f98: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
216810.f98: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
217810.f98: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
218810.f98: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
219810.f98: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
220810.f98: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
221810.f98: SUPR3HardenedMain: Respawn #2
222810.f98: supR3HardNtEnableThreadCreation:
223810.f98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags>
224810.f98: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
225810.f98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
226810.f98: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
227810.f98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\apphelp.dll'
228810.f98: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c1c340 pvNtTerminateThread=0000000077c417e0
229810.f98: supR3HardenedWinDoReSpawn(2): New child e5c.628 [kernel32].
230810.f98: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffd9000 cbPeb=0x380
231810.f98: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077bf0000 uNtDllChildAddr=0000000077bf0000
232810.f98: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=0000000077c1c340 uNtTerminateThread=0000000077c417e0
233810.f98: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c1c340 pvNtTerminateThread=0000000077c417e0
234810.f98: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
235810.f98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdll.dll)
236810.f98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdll.dll
237810.f98: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd]
238810.f98: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 00000000001d0000 LB 0x1a9000
239810.f98: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
240810.f98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
241810.f98: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll
242810.f98: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 00000000779d0000 LB 0x11f000
243810.f98: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
244810.f98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
245810.f98: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll
246810.f98: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 000007fefdd50000 LB 0x6c000
247810.f98: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 31 ms
248810.f98: supR3HardNtEnableThreadCreation:
249810.f98: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
250810.f98: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
251810.f98: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
252810.f98: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
253810.f98: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
254810.f98: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
255810.f98: 0000000000041000-fffffffffffb1fff 0x0001/0x0000 0x0000000
256810.f98: *00000000000d0000-fffffffffffd3fff 0x0000/0x0004 0x0020000
257810.f98: 00000000001cc000-00000000001c8fff 0x0104/0x0004 0x0020000
258810.f98: 00000000001cf000-00000000001cdfff 0x0004/0x0004 0x0020000
259810.f98: 00000000001d0000-ffffffff887affff 0x0001/0x0000 0x0000000
260810.f98: *0000000077bf0000-0000000077beefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
261810.f98: 0000000077bf1000-0000000077aeefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
262810.f98: 0000000077cf3000-0000000077cc3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
263810.f98: 0000000077d22000-0000000077d19fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
264810.f98: 0000000077d2a000-0000000077d28fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
265810.f98: 0000000077d2b000-0000000077d27fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
266810.f98: 0000000077d2e000-0000000077cc2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
267810.f98: 0000000077d99000-0000000070b51fff 0x0001/0x0000 0x0000000
268810.f98: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
269810.f98: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
270810.f98: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
271810.f98: 000000007fff0000-ffffffffc0d2ffff 0x0001/0x0000 0x0000000
272810.f98: *000000013f2b0000-000000013f2aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
273810.f98: 000000013f2b1000-000000013f231fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
274810.f98: 000000013f330000-000000013f32efff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
275810.f98: 000000013f331000-000000013f2f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
276810.f98: 000000013f368000-000000013f35efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
277810.f98: 000000013f371000-000000013f337fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
278810.f98: 000000013f3aa000-fffff8037e843fff 0x0001/0x0000 0x0000000
279810.f98: *000007fefff10000-000007fefff0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
280810.f98: 000007fefff11000-000007fdffe71fff 0x0001/0x0000 0x0000000
281810.f98: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
282810.f98: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
283810.f98: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
284810.f98: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
285810.f98: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
286810.f98: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
287e5c.628: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
288e5c.628: Calling main()
289e5c.628: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
290e5c.628: System32: \Device\HarddiskVolume1\Windows\System32
291e5c.628: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
292e5c.628: ProgDir: \Device\HarddiskVolume1\Program Files
293e5c.628: ComDir: \Device\HarddiskVolume1\Program Files\Common Files
294e5c.628: ProgDir32: \Device\HarddiskVolume1\Program Files (x86)
295e5c.628: ComDir32: \Device\HarddiskVolume1\Program Files (x86)\Common Files
296e5c.628: supR3HardenedWinInit: Startup delay kludge #2/0: 124 ms, 8 sleeps
297e5c.628: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
298e5c.628: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
299e5c.628: *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000
300e5c.628: 0000000000020000-000000000000ffff 0x0001/0x0000 0x0000000
301e5c.628: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
302e5c.628: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
303e5c.628: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
304e5c.628: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
305e5c.628: *0000000000050000-fffffffffffe8fff 0x0002/0x0002 0x0040000
306e5c.628: 00000000000b7000-000000000009dfff 0x0001/0x0000 0x0000000
307e5c.628: *00000000000d0000-fffffffffffd4fff 0x0000/0x0004 0x0020000
308e5c.628: 00000000001cb000-00000000001c8fff 0x0104/0x0004 0x0020000
309e5c.628: 00000000001cd000-00000000001c9fff 0x0004/0x0004 0x0020000
310e5c.628: 00000000001d0000-000000000009ffff 0x0001/0x0000 0x0000000
311e5c.628: *0000000000300000-000000000027dfff 0x0004/0x0004 0x0020000
312e5c.628: 0000000000382000-0000000000303fff 0x0000/0x0004 0x0020000
313e5c.628: *0000000000400000-0000000000255fff 0x0004/0x0004 0x0020000
314e5c.628: 00000000005aa000-ffffffff89183fff 0x0001/0x0000 0x0000000
315e5c.628: *00000000779d0000-00000000779cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
316e5c.628: 00000000779d1000-0000000077935fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
317e5c.628: 0000000077a6c000-00000000779fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
318e5c.628: 0000000077ada000-0000000077ad7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
319e5c.628: 0000000077adc000-0000000077ac8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
320e5c.628: 0000000077aef000-00000000779edfff 0x0001/0x0000 0x0000000
321e5c.628: *0000000077bf0000-0000000077beefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
322e5c.628: 0000000077bf1000-0000000077aeefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
323e5c.628: 0000000077cf3000-0000000077cc3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
324e5c.628: 0000000077d22000-0000000077d20fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
325e5c.628: 0000000077d23000-0000000077d21fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
326e5c.628: 0000000077d24000-0000000077d22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
327e5c.628: 0000000077d25000-0000000077d22fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
328e5c.628: 0000000077d27000-0000000077d25fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
329e5c.628: 0000000077d28000-0000000077d26fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
330e5c.628: 0000000077d29000-0000000077d26fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
331e5c.628: 0000000077d2b000-0000000077d29fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
332e5c.628: 0000000077d2c000-0000000077d29fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
333e5c.628: 0000000077d2e000-0000000077cc2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
334e5c.628: 0000000077d99000-0000000070b51fff 0x0001/0x0000 0x0000000
335e5c.628: *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000
336e5c.628: 000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000
337e5c.628: *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000
338e5c.628: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
339e5c.628: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
340e5c.628: 000000007fff0000-ffffffffc0d2ffff 0x0001/0x0000 0x0000000
341e5c.628: *000000013f2b0000-000000013f2aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
342e5c.628: 000000013f2b1000-000000013f231fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
343e5c.628: 000000013f330000-000000013f32efff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
344e5c.628: 000000013f331000-000000013f2f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
345e5c.628: 000000013f368000-000000013f35efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
346e5c.628: 000000013f371000-000000013f337fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
347e5c.628: 000000013f3aa000-fffff80380a03fff 0x0001/0x0000 0x0000000
348e5c.628: *000007fefdd50000-000007fefdd4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
349e5c.628: 000007fefdd51000-000007fefdd06fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
350e5c.628: 000007fefdd9b000-000007fefdd84fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
351e5c.628: 000007fefddb1000-000007fefddaefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
352e5c.628: 000007fefddb3000-000007fefdda9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
353e5c.628: 000007fefddbc000-000007fefbc67fff 0x0001/0x0000 0x0000000
354e5c.628: *000007fefff10000-000007fefff0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
355e5c.628: 000007fefff11000-000007fdffe71fff 0x0001/0x0000 0x0000000
356e5c.628: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
357e5c.628: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
358e5c.628: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
359e5c.628: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
360e5c.628: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
361e5c.628: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
362e5c.628: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
363e5c.628: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
364e5c.628: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
365e5c.628: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
366e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
367e5c.628: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY
368e5c.628: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
369e5c.628: *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000
370e5c.628: 0000000000020000-000000000000ffff 0x0001/0x0000 0x0000000
371e5c.628: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
372e5c.628: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
373e5c.628: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
374e5c.628: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
375e5c.628: *0000000000050000-fffffffffffe8fff 0x0002/0x0002 0x0040000
376e5c.628: 00000000000b7000-000000000009dfff 0x0001/0x0000 0x0000000
377e5c.628: *00000000000d0000-fffffffffffd5fff 0x0000/0x0004 0x0020000
378e5c.628: 00000000001ca000-00000000001c7fff 0x0104/0x0004 0x0020000
379e5c.628: 00000000001cc000-00000000001c7fff 0x0004/0x0004 0x0020000
380e5c.628: *00000000001d0000-00000000000d3fff 0x0004/0x0004 0x0020000
381e5c.628: 00000000002cc000-00000000002c7fff 0x0000/0x0004 0x0020000
382e5c.628: 00000000002d0000-000000000029ffff 0x0001/0x0000 0x0000000
383e5c.628: *0000000000300000-0000000000205fff 0x0004/0x0004 0x0020000
384e5c.628: 00000000003fa000-00000000003f3fff 0x0000/0x0004 0x0020000
385e5c.628: *0000000000400000-0000000000255fff 0x0004/0x0004 0x0020000
386e5c.628: 00000000005aa000-00000000005a3fff 0x0001/0x0000 0x0000000
387e5c.628: *00000000005b0000-0000000000531fff 0x0004/0x0004 0x0020000
388e5c.628: 000000000062e000-00000000004abfff 0x0000/0x0004 0x0020000
389e5c.628: *00000000007b0000-000000000068ffff 0x0004/0x0004 0x0020000
390e5c.628: 00000000008d0000-ffffffff897cffff 0x0001/0x0000 0x0000000
391e5c.628: *00000000779d0000-00000000779cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
392e5c.628: 00000000779d1000-0000000077935fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
393e5c.628: 0000000077a6c000-00000000779fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
394e5c.628: 0000000077ada000-0000000077ad7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
395e5c.628: 0000000077adc000-0000000077ac8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
396e5c.628: 0000000077aef000-00000000779edfff 0x0001/0x0000 0x0000000
397e5c.628: *0000000077bf0000-0000000077beefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
398e5c.628: 0000000077bf1000-0000000077aeefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
399e5c.628: 0000000077cf3000-0000000077cc3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
400e5c.628: 0000000077d22000-0000000077d20fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
401e5c.628: 0000000077d23000-0000000077d21fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
402e5c.628: 0000000077d24000-0000000077d22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
403e5c.628: 0000000077d25000-0000000077d22fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
404e5c.628: 0000000077d27000-0000000077d25fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
405e5c.628: 0000000077d28000-0000000077d26fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
406e5c.628: 0000000077d29000-0000000077d26fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
407e5c.628: 0000000077d2b000-0000000077d29fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
408e5c.628: 0000000077d2c000-0000000077d29fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
409e5c.628: 0000000077d2e000-0000000077cc2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
410e5c.628: 0000000077d99000-0000000077d91fff 0x0001/0x0000 0x0000000
411e5c.628: *0000000077da0000-0000000077d9efff 0x0004/0x0004 0x0020000
412e5c.628: 0000000077da1000-0000000070b61fff 0x0001/0x0000 0x0000000
413e5c.628: *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000
414e5c.628: 000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000
415e5c.628: *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000
416e5c.628: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
417e5c.628: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
418e5c.628: 000000007fff0000-ffffffffc0d2ffff 0x0001/0x0000 0x0000000
419e5c.628: *000000013f2b0000-000000013f2aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
420e5c.628: 000000013f2b1000-000000013f230fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
421e5c.628: 000000013f331000-000000013f2f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
422e5c.628: 000000013f368000-000000013f35efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
423e5c.628: 000000013f371000-000000013f337fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
424e5c.628: 000000013f3aa000-fffff80380a03fff 0x0001/0x0000 0x0000000
425e5c.628: *000007fefdd50000-000007fefdd4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
426e5c.628: 000007fefdd51000-000007fefdd06fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
427e5c.628: 000007fefdd9b000-000007fefdd84fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
428e5c.628: 000007fefddb1000-000007fefddaefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
429e5c.628: 000007fefddb3000-000007fefdda9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
430e5c.628: 000007fefddbc000-000007fefbc67fff 0x0001/0x0000 0x0000000
431e5c.628: *000007fefff10000-000007fefff0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
432e5c.628: 000007fefff11000-000007fdffe71fff 0x0001/0x0000 0x0000000
433e5c.628: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
434e5c.628: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
435e5c.628: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
436e5c.628: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
437e5c.628: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
438e5c.628: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
439e5c.628: SUPR3HardenedMain: Final process, opening VBoxDrv...
440e5c.628: supR3HardNtEnableThreadCreation:
441e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000394190:C:\Windows\system32
442e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
443e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
444e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
445e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
446e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
447e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6750000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
448e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
449e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
450e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6750000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
451e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6750000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
452e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000394190:C:\Windows\system32
453e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
454e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
455e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
456e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
457e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
458e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
459e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
460e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
461e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
462e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
463e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
464e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
465e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
466e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
467e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
468e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
469e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
470e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
471e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
472e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
473e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
474e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
475e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
476e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
477e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
478e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
479e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
480e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
481e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
482e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
483e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
484e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\Wintrust.dll'
485e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
486e5c.628: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
487e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
488e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
489e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
490e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd200000 'C:\Windows\system32\CRYPTSP.dll'
491e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
492e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
493e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
494e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
495e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
496e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
497e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
498e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
499e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf00000 'C:\Windows\system32\rsaenh.dll'
500e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
501e5c.628: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
502e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
503e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
504e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
505e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
506e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
507e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
508e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
509e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
510e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
511e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
512e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
513e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
514e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
515e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
516e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
517e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddc0000 'C:\Windows\system32\ADVAPI32.dll'
518e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
519e5c.628: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\Windows\system32\CRYPTBASE.dll' [rcNt=0xc0150008]
520e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
521e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
522e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
523e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
524e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
525e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
526e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
527e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
528e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
529e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8a0000 'C:\Windows\system32\CRYPTBASE.dll'
530e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
531e5c.628: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008]
532e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
533e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
534e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000779d0000 'C:\Windows\system32\kernel32.dll'
535e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
536e5c.628: supR3HardenedMonitor_LdrLoadDll: 'WINTRUST.DLL' -> 'C:\Windows\system32\WINTRUST.DLL' [rcNt=0xc0150008]
537e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
538e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\WINTRUST.DLL'
539e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
540e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
541e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\CRYPT32.dll'
542e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=imagehlp.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
543e5c.628: supR3HardenedMonitor_LdrLoadDll: 'imagehlp.dll' -> 'C:\Windows\system32\imagehlp.dll' [rcNt=0xc0150008]
544e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
545e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
546e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
547e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
548e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
549e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
550e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
551e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
552e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
553e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
554e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
555e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffda0000 'C:\Windows\system32\imagehlp.dll'
556e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
557e5c.628: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
558e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
559e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd200000 'C:\Windows\system32\CRYPTSP.dll'
560e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=USER32.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
561e5c.628: supR3HardenedMonitor_LdrLoadDll: 'USER32.dll' -> 'C:\Windows\system32\USER32.dll' [rcNt=0xc0150008]
562e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
563e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
564e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
565e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
566e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
567e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
568e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
569e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
570e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
571e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
572e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
573e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
574e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
575e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
576e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
577e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
578e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
579e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
580e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
581e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
582e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
583e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
584e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
585e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
586e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
587e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
588e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
589e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
590e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
591e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
592e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
593e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
594e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
595e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
596e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
597e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
598e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
599e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
600e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
601e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
602e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
603e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
604e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=gdi32.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
605e5c.628: supR3HardenedMonitor_LdrLoadDll: 'gdi32.dll' -> 'C:\Windows\system32\gdi32.dll' [rcNt=0xc0150008]
606e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
607e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffe70000 'C:\Windows\system32\gdi32.dll'
608e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
609e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
610e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
611e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
612e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
613e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
614e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
615e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
616e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
617e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
618e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
619e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
620e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
621e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
622e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
623e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
624e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
625e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
626e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
627e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
628e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
629e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
630e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
631e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
632e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
633e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
634e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
635e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
636e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
637e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
638e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
639e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
640e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
641e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff370000 'C:\Windows\system32\IMM32.DLL'
642e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077af0000 'C:\Windows\system32\USER32.dll'
643e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=ncrypt.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
644e5c.628: supR3HardenedMonitor_LdrLoadDll: 'ncrypt.dll' -> 'C:\Windows\system32\ncrypt.dll' [rcNt=0xc0150008]
645e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
646e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
647e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
648e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
649e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
650e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
651e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
652e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
653e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
654e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
655e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
656e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
657e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
658e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
659e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
660e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
661e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
662e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd380000 'C:\Windows\system32\ncrypt.dll'
663e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
664e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
665e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
666e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
667e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
668e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
669e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
670e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
671e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
672e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
673e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
674e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
675e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce40000 'C:\Windows\system32\bcryptprimitives.dll'
676e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=bcrypt.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
677e5c.628: supR3HardenedMonitor_LdrLoadDll: 'bcrypt.dll' -> 'C:\Windows\system32\bcrypt.dll' [rcNt=0xc0150008]
678e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
679e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\Windows\system32\bcrypt.dll'
680e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=USERENV.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
681e5c.628: supR3HardenedMonitor_LdrLoadDll: 'USERENV.dll' -> 'C:\Windows\system32\USERENV.dll' [rcNt=0xc0150008]
682e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
683e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
684e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
685e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
686e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
687e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
688e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
689e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
690e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
691e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
692e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
693e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
694e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
695e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
696e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
697e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
698e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
699e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
700e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
701e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
702e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc50000 'C:\Windows\system32\USERENV.dll'
703e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
704e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
705e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
706e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
707e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=GPAPI.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
708e5c.628: supR3HardenedMonitor_LdrLoadDll: 'GPAPI.dll' -> 'C:\Windows\system32\GPAPI.dll' [rcNt=0xc0150008]
709e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
710e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
711e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
712e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
713e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
714e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
715e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
716e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
717e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
718e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
719e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
720e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccb0000 'C:\Windows\system32\GPAPI.dll'
721e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
722e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
723e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=rpcrt4.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
724e5c.628: supR3HardenedMonitor_LdrLoadDll: 'rpcrt4.dll' -> 'C:\Windows\system32\rpcrt4.dll' [rcNt=0xc0150008]
725e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
726e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef30000 'C:\Windows\system32\rpcrt4.dll'
727e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
728e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
729e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
730e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
731e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
732e5c.628: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008]
733e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
734e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
735e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
736e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
737e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
738e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
739e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
740e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll'
741e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
742e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
743e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
744e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
745e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
746e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
747e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
748e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
749e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
750e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
751e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
752e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
753e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
754e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
755e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
756e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
757e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
758e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
759e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
760e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
761e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
762e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
763e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
764e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
765e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
766e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
767e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
769e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
770e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
772e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
773e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
774e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
775e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
776e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
777e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
778e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
779e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
780e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
781e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
782e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
783e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
784e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
785e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
786e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
787e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
788e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
789e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
790e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
791e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
792e5c.628: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008]
793e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\cryptnet.dll'
795e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
796e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
797e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=profapi.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
798e5c.628: supR3HardenedMonitor_LdrLoadDll: 'profapi.dll' -> 'C:\Windows\system32\profapi.dll' [rcNt=0xc0150008]
799e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
800e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\Windows\system32\profapi.dll'
801e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=SHLWAPI.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
802e5c.628: supR3HardenedMonitor_LdrLoadDll: 'SHLWAPI.dll' -> 'C:\Windows\system32\SHLWAPI.dll' [rcNt=0xc0150008]
803e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
804e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
805e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
806e5c.628: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
807e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
808e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
809e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
810e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
811e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
812e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
813e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
814e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
815e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
816e5c.628: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
817e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
818e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffd10000 'C:\Windows\system32\SHLWAPI.dll'
819e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
820e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000039fcb0
821e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
822e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
823e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
824e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
825e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
826e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
827e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
828e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
829e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
830e5c.628: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
831e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
832e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddc0000 'C:\Windows\system32\ADVAPI32.dll'
833e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
834e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
835e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
836e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffee0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
837e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
838e5c.628: g_pfnWinVerifyTrust=000007fefdd11010
839e5c.628: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
840e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
841e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
842e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
843e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF258E1DA85AD69891395F6F7501E1D54F2DFED8
844e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB2868626~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
845e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
846e5c.628: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
847e5c.628: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
848e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
849e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
850e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
851e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
852e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
853e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
854e5c.628: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
855e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
856e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
857e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
858e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
859e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
860e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
861e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
862e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
863e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
864e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
865e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
866e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
867e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
868e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
869e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
870e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
871e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
872e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
873e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
874e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
875e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
876e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
877e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
878e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
879e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
880e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
881e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
882e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
883e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume1\Windows\System32\profapi.dll
884e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
885e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
886e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
887e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\profapi.dll'
888e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
889e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
890e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
891e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
892e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
893e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
894e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
895e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
896e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
897e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
898e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
899e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
900e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
901e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
902e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
903e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
904e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
905e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
906e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
907e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
908e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79EA9CBEF21789D2261F797DD2A1624A054306AB
909e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB2973337~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
910e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
911e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
912e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
913e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
914e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
915e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
916e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
917e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
918e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
919e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
920e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
921e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
922e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
923e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
924e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
925e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
926e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
927e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
928e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
929e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
930e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
931e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
932e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
933e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
934e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
935e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
936e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
937e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
938e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
939e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
940e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
941e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
942e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
943e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
944e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
945e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
946e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
947e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
948e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
949e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
950e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
951e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll'
952e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
953e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
954e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000168 pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
955e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
956e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
957e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
958e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
959e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
960e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
961e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000164 pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
962e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
963e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
964e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
965e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB2922229~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
966e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
967e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
968e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
969e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
970e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
971e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
972e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
973e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
974e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
975e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000010c pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
976e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
977e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
978e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
979e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
980e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
981e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
982e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000100 pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
983e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
984e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
985e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
986e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
987e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
988e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
989e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
990e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000fc pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
991e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
992e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
993e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
994e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
995e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
996e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
997e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
998e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
999e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1000e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1001e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1002e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1003e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1004e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
1005e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1006e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1007e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1008e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1009e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1010e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1011e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d0 pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1012e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1013e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1014e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1015e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1016e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1017e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1018e5c.628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1019e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=00000000001f6800:C:\Windows\system32
1020e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1021e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\crypt32.dll'
1022e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1023e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1024e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1025e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1026e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1027e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1028e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1029e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1030e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1031e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1032e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1033e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1034e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1035e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1036e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1037e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1038e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1039e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1040e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1041e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1042e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1043e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1044e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1045e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
1046e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
1047e5c.628: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1048e5c.628: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=26
1049e5c.628: SUPR3HardenedMain: Load Runtime...
1050e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000375a50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32
1051e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1052e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1053e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1054e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1055e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1056e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1057e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1058e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1059e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1060e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1061e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
1062e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000444 pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1063e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1064e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1065e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1066e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
1067e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1068e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1069e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1070e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1071e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll)WinVerifyTrust
1072e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1073e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1074e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll'
1075e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1076e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1077e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1078e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1079e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
1080e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1081e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1082e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1083e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
1084e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1085e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1086e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll'
1087e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000041c pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
1088e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1089e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1090e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1091e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
1092e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1093e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll)WinVerifyTrust
1094e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
1095e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1096e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1097e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1098e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1099e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1100e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1101e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1102e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1103e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1104e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1105e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1106e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1107e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1108e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1109e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1110e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1111e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1112e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1113e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1114e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1115e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1116e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1117e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1118e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1119e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1120e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1121e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1122e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1123e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1124e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1125e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1126e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1127e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1128e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1129e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1130e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1131e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1132e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1133e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1134e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1135e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1136e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1137e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1138e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1139e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1140e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1141e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1142e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1143e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1144e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1145e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1147e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1148e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1149e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1150e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1151e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1153e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1154e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1156e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1157e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1158e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1159e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1160e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1161e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1162e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1163e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1164e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1165e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1166e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1168e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1169e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1170e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1171e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1172e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1174e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1175e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1176e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1177e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1178e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1179e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1180e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1181e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1182e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1183e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1184e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1185e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1186e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1187e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1188e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1189e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1190e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1191e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1192e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1193e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1194e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1195e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1196e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1197e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000379ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin;C:\Users\Public\Documents\RAD Studio\6.0\Bpl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Microsoft Network Monitor 3\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
1198e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1199e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1200e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef34d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1201e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000207510:C:\Windows\system32
1202e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
1203e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\Wintrust.dll'
1204e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000207510:C:\Windows\system32
1205e5c.628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1206e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\crypt32.dll'
1207e5c.628: SUPR3HardenedMain: Load TrustedMain...
1208e5c.628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll *pfFlags=0x0 pwszSearchPath=0000000000375a50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32
1209e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1210e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1211e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1212e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1213e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1214e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1215e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1216e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1217e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1218e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1219e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1220e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1221e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1222e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1223e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1224e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1225e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1226e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
1227e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1228e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll'
1229e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
1230e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1231e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1232e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1233e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
1234e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1235e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1236e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1237e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll)WinVerifyTrust
1238e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
1239e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1240e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
1241e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1242e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1243e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1244e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1245e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
1246e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1247e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1248e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1249e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1250e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1251e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1252e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1253e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll)WinVerifyTrust
1254e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1255e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1256e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1257e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1258e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1259e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1260e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD
1261e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1262e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1263e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1264e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1265e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1266e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1267e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1268e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll)WinVerifyTrust
1269e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1270e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1271e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1272e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
1273e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1274e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1275e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1276e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1277e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1278e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1279e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1280e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1281e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1282e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll)WinVerifyTrust
1283e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
1284e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1285e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll'
1286e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
1287e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1288e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1289e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D11B9B481EE916E64C94F8ECA71C2995A2999B7
1290e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2980245~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
1291e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1292e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1293e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1294e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1295e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1296e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)WinVerifyTrust
1297e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
1298e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1299e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1300e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1301e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1302e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1303e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1304e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1305e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1306e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1307e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1308e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll'
1309e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1310e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1311e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1312e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1313e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1314e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1315e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1316e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1317e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1318e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll'
1319e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1320e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1321e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1322e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1323e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1324e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1325e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtguivbox4.dll'
1326e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1327e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1328e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1329e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1330e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1331e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1332e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1333e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1334e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1335e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1336e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1337e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1338e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1339e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1340e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1341e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1342e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll'
1343e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1344e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1345e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1346e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1347e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1348e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1349e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1350e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1351e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1352e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
1353e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1354e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1355e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll'
1356e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1357e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1358e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll'
1359e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1360e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1361e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
1362e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
1363e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1364e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1365e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1366e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
1367e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1368e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1369e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1370e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1371e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1372e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1373e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1374e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll)WinVerifyTrust
1375e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1376e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1377e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1378e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1379e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1380e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
1381e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
1382e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1383e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1384e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1385e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
1386e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1387e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1388e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1389e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1390e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1391e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1392e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1393e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll)WinVerifyTrust
1394e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1395e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1396e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll'
1397e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
1398e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1399e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1400e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1401e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
1402e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1403e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1404e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1405e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1406e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll)WinVerifyTrust
1407e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
1408e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1409e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1410e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1411e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1412e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1413e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1414e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1415e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1416e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1417e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1418e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
1419e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1420e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1421e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll'
1422e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1423e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1424e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
1425e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1426e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1427e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1428e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1429e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1430e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1431e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1432e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1433e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1434e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1435e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1436e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
1437e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1438e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1439e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll'
1440e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1441e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1442e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll'
1443e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1444e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1445e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll'
1446e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1447e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1448e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1449e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1450e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1451e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1452e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1453e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1454e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1455e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1456e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1457e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv'
1458e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
1459e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1460e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1461e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1462e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv'
1463e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1464e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1465e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1466e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1467e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv)WinVerifyTrust
1468e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
1469e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1470e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll'
1471e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
1472e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1473e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1474e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
1475e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1476e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1477e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1478e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1479e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
1480e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1481e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1482e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1483e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1484e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1485e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
1486e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1487e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1488e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll'
1489e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1490e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1491e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
1492e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1493e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1494e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
1495e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1496e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1497e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll'
1498e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1499e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1500e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtguivbox4.dll'
1501e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1502e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1503e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1504e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1505e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1506e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1507e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1508e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1509e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
1510e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1511e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1512e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1513e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1514e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1515e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1516e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1517e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1518e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1519e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1520e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1521e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1522e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1523e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1524e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1525e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1526e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1527e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1528e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1529e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1530e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1531e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1532e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1533e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1534e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1535e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1536e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1537e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1538e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1539e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1540e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1541e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1542e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1543e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1544e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1545e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1546e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1547e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1548e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1549e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1550e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1551e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll'
1552e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1553e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1554e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
1555e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume1\Windows\System32\comctl32.dll
1556e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1557e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1558e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
1559e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
1560e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1561e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1562e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1563e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1564e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll)WinVerifyTrust
1565e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
1566e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1567e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1568e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1569e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1570e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1571e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1572e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1573e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1574e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1575e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1576e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1577e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1578e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1579e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1580e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1581e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1582e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1583e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1584e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1585e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1586e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1587e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1588e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1589e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1590e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1591e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1592e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1593e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1594e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1595e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1596e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1597e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1598e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1599e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1600e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1601e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1602e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1603e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1604e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1605e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1606e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
1607e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1608e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1609e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1610e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1611e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1612e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
1613e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1614e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1615e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1616e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1617e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
1618e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1619e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1620e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1621e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1622e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll)WinVerifyTrust
1623e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1624e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1625e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
1626e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
1627e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1628e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1629e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1630e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
1631e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1632e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1633e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1634e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1635e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1636e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1637e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1638e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1639e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll)WinVerifyTrust
1640e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
1641e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1642e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1643e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1644e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1645e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
1646e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll
1647e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1648e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1649e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
1650e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
1651e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1652e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1653e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1654e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1655e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll)WinVerifyTrust
1656e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
1657e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1658e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1659e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1660e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1661e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1662e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1663e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1664e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1665e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1666e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1667e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1668e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1669e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1670e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1671e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1672e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1673e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll'
1674e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll
1675e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1676e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1677e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1678e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll'
1679e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1680e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1681e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1682e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll)WinVerifyTrust
1683e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
1684e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1685e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1686e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1687e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1688e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1689e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1690e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1691e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1692e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1693e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1695e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1696e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1697e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1698e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1699e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1700e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
1701e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
1702e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000039fcb0
1703e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000039fcb0
1704e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1705e5c.628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
1706e5c.628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1707e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1708e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1709e5c.628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1710e5c.628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll)WinVerifyTrust
1711e5c.628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
1712e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1713e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1714e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1715e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1716e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1717e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1718e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1719e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1720e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1721e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1722e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1723e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1724e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1725e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1726e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1727e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1728e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1729e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1730e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1731e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
1732e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
1733e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1734e5c.628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1735e5c.628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1736e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
1737e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1738e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
1739e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1740e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
1741e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1742e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1743e5c.628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1744e5c.628: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00)
1745e5c.628: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
1746e5c.628: Error (rc=0):
1747e5c.628: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0xf fAccess=0x10 \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'.
1748e5c.628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1749e5c.628: Fatal error:
1750e5c.628: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBox.dll" failed, rc=1790
1751810.f98: supR3HardenedWinDoReSpawn(2): Quitting: ExitCode=0x1 rcNt=0x0
175254c.d08: supR3HardenedWinDoReSpawn(1): Quitting: ExitCode=0x1 rcNt=0x0

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy