VirtualBox

Ticket #13617: VBoxStartup.log

File VBoxStartup.log, 265.2 KB (added by mskov, 10 years ago)
Line 
15c4.724: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
25c4.724: \SystemRoot\System32\ntdll.dll:
35c4.724: CreationTime: 2012-09-10T11:24:51.962302600Z
45c4.724: LastWriteTime: 2011-11-17T06:41:18.858669900Z
55c4.724: ChangeTime: 2012-09-10T11:50:52.791351600Z
65c4.724: FileAttributes: 0x20
75c4.724: Size: 0x1a6d50
85c4.724: NT Headers: 0xe0
95c4.724: Timestamp: 0x4ec4aa8e
105c4.724: Machine: 0x8664 - amd64
115c4.724: Timestamp: 0x4ec4aa8e
125c4.724: Image Version: 6.1
135c4.724: SizeOfImage: 0x1a9000 (1740800)
145c4.724: Resource Dir: 0x151000 LB 0x560d8
155c4.724: ProductName: Microsoft® Windows® Operating System
165c4.724: ProductVersion: 6.1.7601.17725
175c4.724: FileVersion: 6.1.7601.17725 (win7sp1_gdr.111116-1503)
185c4.724: FileDescription: NT Layer DLL
195c4.724: \SystemRoot\System32\kernel32.dll:
205c4.724: CreationTime: 2014-11-04T16:00:46.948939200Z
215c4.724: LastWriteTime: 2014-03-04T09:44:00.336000000Z
225c4.724: ChangeTime: 2014-11-17T08:39:25.640625000Z
235c4.724: FileAttributes: 0x20
245c4.724: Size: 0x11c000
255c4.724: NT Headers: 0xe8
265c4.724: Timestamp: 0x5315a059
275c4.724: Machine: 0x8664 - amd64
285c4.724: Timestamp: 0x5315a059
295c4.724: Image Version: 6.1
305c4.724: SizeOfImage: 0x11f000 (1175552)
315c4.724: Resource Dir: 0x116000 LB 0x528
325c4.724: ProductName: Microsoft® Windows® Operating System
335c4.724: ProductVersion: 6.1.7601.18409
345c4.724: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
355c4.724: FileDescription: Windows NT BASE API Client DLL
365c4.724: \SystemRoot\System32\KernelBase.dll:
375c4.724: CreationTime: 2014-11-04T16:00:46.914134400Z
385c4.724: LastWriteTime: 2013-08-02T02:13:34.580000000Z
395c4.724: ChangeTime: 2014-11-17T08:39:25.640625000Z
405c4.724: FileAttributes: 0x20
415c4.724: Size: 0x67a00
425c4.724: NT Headers: 0xe8
435c4.724: Timestamp: 0x51fb1677
445c4.724: Machine: 0x8664 - amd64
455c4.724: Timestamp: 0x51fb1677
465c4.724: Image Version: 6.1
475c4.724: SizeOfImage: 0x6b000 (438272)
485c4.724: Resource Dir: 0x69000 LB 0x530
495c4.724: ProductName: Microsoft® Windows® Operating System
505c4.724: ProductVersion: 6.1.7601.18229
515c4.724: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
525c4.724: FileDescription: Windows NT BASE API Client DLL
535c4.724: \SystemRoot\System32\apisetschema.dll:
545c4.724: CreationTime: 2009-07-13T23:18:54.866423200Z
555c4.724: LastWriteTime: 2009-07-14T01:24:53.779000000Z
565c4.724: ChangeTime: 2012-09-10T12:13:14.812500000Z
575c4.724: FileAttributes: 0x20
585c4.724: Size: 0x1a00
595c4.724: NT Headers: 0xc0
605c4.724: Timestamp: 0x4a5bdeab
615c4.724: Machine: 0x8664 - amd64
625c4.724: Timestamp: 0x4a5bdeab
635c4.724: Image Version: 6.1
645c4.724: SizeOfImage: 0x50000 (327680)
655c4.724: Resource Dir: 0x30000 LB 0x3f0
665c4.724: ProductName: Microsoft® Windows® Operating System
675c4.724: ProductVersion: 6.1.7600.16385
685c4.724: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
695c4.724: FileDescription: ApiSet Schema DLL
705c4.724: NtOpenDirectoryObject failed on \Driver: 0xc0000022
715c4.724: supR3HardenedWinFindAdversaries: 0x0
725c4.724: Calling main()
735c4.724: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
745c4.724: SUPR3HardenedMain: Respawn #1
755c4.724: System32: \Device\HarddiskVolume2\Windows\System32
765c4.724: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
775c4.724: KnownDllPath: C:\Windows\system32
785c4.724: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
795c4.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
805c4.724: supR3HardNtEnableThreadCreation:
815c4.724: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776c320 pvNtTerminateThread=0000000077791840
825c4.724: supR3HardenedWinDoReSpawn(1): New child a9c.bc4 [kernel32].
835c4.724: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
845c4.724: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077740000 uNtDllChildAddr=0000000077740000
855c4.724: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007776c320
865c4.724: supR3HardenedWinSetupChildInit: Start child.
875c4.724: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
885c4.724: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 23 sleeps
895c4.724: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
905c4.724: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
915c4.724: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
925c4.724: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
935c4.724: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
945c4.724: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
955c4.724: 0000000000041000-fffffffffff11fff 0x0001/0x0000 0x0000000
965c4.724: *0000000000170000-0000000000073fff 0x0000/0x0004 0x0020000
975c4.724: 000000000026c000-0000000000268fff 0x0104/0x0004 0x0020000
985c4.724: 000000000026f000-000000000026dfff 0x0004/0x0004 0x0020000
995c4.724: 0000000000270000-ffffffff88d9ffff 0x0001/0x0000 0x0000000
1005c4.724: *0000000077740000-000000007773efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1015c4.724: 0000000077741000-000000007763efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1025c4.724: 0000000077843000-0000000077813fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1035c4.724: 0000000077872000-0000000077865fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1045c4.724: 000000007787e000-0000000077812fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1055c4.724: 00000000778e9000-00000000701f1fff 0x0001/0x0000 0x0000000
1065c4.724: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1075c4.724: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1085c4.724: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1095c4.724: 000000007fff0000-ffffffffc068ffff 0x0001/0x0000 0x0000000
1105c4.724: *000000013f950000-000000013f94efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1115c4.724: 000000013f951000-000000013f8ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1125c4.724: 000000013f9d5000-000000013f9d3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1135c4.724: 000000013f9d6000-000000013f998fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1145c4.724: 000000013fa13000-000000013fa11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1155c4.724: 000000013fa14000-000000013fa12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1165c4.724: 000000013fa15000-000000013fa12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1175c4.724: 000000013fa17000-000000013fa15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1185c4.724: 000000013fa18000-000000013fa16fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1195c4.724: 000000013fa19000-000000013fa14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1205c4.724: 000000013fa1d000-000000013f9e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1215c4.724: 000000013fa56000-fffff8037fa4bfff 0x0001/0x0000 0x0000000
1225c4.724: *000007feffa60000-000007feffa5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1235c4.724: 000007feffa61000-000007fdff511fff 0x0001/0x0000 0x0000000
1245c4.724: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1255c4.724: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
1265c4.724: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
1275c4.724: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
1285c4.724: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1295c4.724: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1305c4.724: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
1315c4.724: VirtualBox.exe: timestamp 0x5439147c (rc=VINF_SUCCESS)
1325c4.724: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1335c4.724: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1345c4.724: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1355c4.724: supR3HardNtChildPurify: Done after 284 ms and 0 fixes (loop #0).
136a9c.bc4: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
137a9c.bc4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077740000
138a9c.bc4: ntdll.dll: timestamp 0x4ec4aa8e (rc=VINF_SUCCESS)
139a9c.bc4: New simple heap: #1 0000000000270000 LB 0x400000 (for 1740800 allocation)
140a9c.bc4: System32: \Device\HarddiskVolume2\Windows\System32
141a9c.bc4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
142a9c.bc4: KnownDllPath: C:\Windows\system32
143a9c.bc4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
144a9c.bc4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
145a9c.bc4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
146a9c.bc4: Registered Dll notification callback with NTDLL.
147a9c.bc4: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008]
148a9c.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
149a9c.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
150a9c.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
151a9c.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
152a9c.bc4: supR3HardenedDllNotificationCallback: load 0000000077060000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
153a9c.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
154a9c.bc4: supR3HardenedDllNotificationCallback: load 000007fefdf00000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
155a9c.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
156a9c.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
157a9c.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
158a9c.bc4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776c320 pvNtTerminateThread=0000000077791840
159a9c.bc4: \SystemRoot\System32\ntdll.dll:
160a9c.bc4: CreationTime: 2012-09-10T11:24:51.962302600Z
161a9c.bc4: LastWriteTime: 2011-11-17T06:41:18.858669900Z
162a9c.bc4: ChangeTime: 2012-09-10T11:50:52.791351600Z
163a9c.bc4: FileAttributes: 0x20
164a9c.bc4: Size: 0x1a6d50
165a9c.bc4: NT Headers: 0xe0
166a9c.bc4: Timestamp: 0x4ec4aa8e
167a9c.bc4: Machine: 0x8664 - amd64
168a9c.bc4: Timestamp: 0x4ec4aa8e
169a9c.bc4: Image Version: 6.1
170a9c.bc4: SizeOfImage: 0x1a9000 (1740800)
171a9c.bc4: Resource Dir: 0x151000 LB 0x560d8
172a9c.bc4: ProductName: Microsoft® Windows® Operating System
173a9c.bc4: ProductVersion: 6.1.7601.17725
174a9c.bc4: FileVersion: 6.1.7601.17725 (win7sp1_gdr.111116-1503)
175a9c.bc4: FileDescription: NT Layer DLL
176a9c.bc4: \SystemRoot\System32\kernel32.dll:
177a9c.bc4: CreationTime: 2014-11-04T16:00:46.948939200Z
178a9c.bc4: LastWriteTime: 2014-03-04T09:44:00.336000000Z
179a9c.bc4: ChangeTime: 2014-11-17T08:39:25.640625000Z
180a9c.bc4: FileAttributes: 0x20
181a9c.bc4: Size: 0x11c000
182a9c.bc4: NT Headers: 0xe8
183a9c.bc4: Timestamp: 0x5315a059
184a9c.bc4: Machine: 0x8664 - amd64
185a9c.bc4: Timestamp: 0x5315a059
186a9c.bc4: Image Version: 6.1
187a9c.bc4: SizeOfImage: 0x11f000 (1175552)
188a9c.bc4: Resource Dir: 0x116000 LB 0x528
189a9c.bc4: ProductName: Microsoft® Windows® Operating System
190a9c.bc4: ProductVersion: 6.1.7601.18409
191a9c.bc4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
192a9c.bc4: FileDescription: Windows NT BASE API Client DLL
193a9c.bc4: \SystemRoot\System32\KernelBase.dll:
194a9c.bc4: CreationTime: 2014-11-04T16:00:46.914134400Z
195a9c.bc4: LastWriteTime: 2013-08-02T02:13:34.580000000Z
196a9c.bc4: ChangeTime: 2014-11-17T08:39:25.640625000Z
197a9c.bc4: FileAttributes: 0x20
198a9c.bc4: Size: 0x67a00
199a9c.bc4: NT Headers: 0xe8
200a9c.bc4: Timestamp: 0x51fb1677
201a9c.bc4: Machine: 0x8664 - amd64
202a9c.bc4: Timestamp: 0x51fb1677
203a9c.bc4: Image Version: 6.1
204a9c.bc4: SizeOfImage: 0x6b000 (438272)
205a9c.bc4: Resource Dir: 0x69000 LB 0x530
206a9c.bc4: ProductName: Microsoft® Windows® Operating System
207a9c.bc4: ProductVersion: 6.1.7601.18229
208a9c.bc4: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
209a9c.bc4: FileDescription: Windows NT BASE API Client DLL
210a9c.bc4: \SystemRoot\System32\apisetschema.dll:
211a9c.bc4: CreationTime: 2009-07-13T23:18:54.866423200Z
212a9c.bc4: LastWriteTime: 2009-07-14T01:24:53.779000000Z
213a9c.bc4: ChangeTime: 2012-09-10T12:13:14.812500000Z
214a9c.bc4: FileAttributes: 0x20
215a9c.bc4: Size: 0x1a00
216a9c.bc4: NT Headers: 0xc0
217a9c.bc4: Timestamp: 0x4a5bdeab
218a9c.bc4: Machine: 0x8664 - amd64
219a9c.bc4: Timestamp: 0x4a5bdeab
220a9c.bc4: Image Version: 6.1
221a9c.bc4: SizeOfImage: 0x50000 (327680)
222a9c.bc4: Resource Dir: 0x30000 LB 0x3f0
223a9c.bc4: ProductName: Microsoft® Windows® Operating System
224a9c.bc4: ProductVersion: 6.1.7600.16385
225a9c.bc4: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
226a9c.bc4: FileDescription: ApiSet Schema DLL
227a9c.bc4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
228a9c.bc4: supR3HardenedWinFindAdversaries: 0x0
229a9c.bc4: Calling main()
230a9c.bc4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
231a9c.bc4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
232a9c.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
233a9c.bc4: SUPR3HardenedMain: Respawn #2
234a9c.bc4: supR3HardNtEnableThreadCreation:
235a9c.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
236a9c.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
237a9c.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
238a9c.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
239a9c.bc4: supR3HardenedDllNotificationCallback: load 000007fefda30000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
240a9c.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
241a9c.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda30000 'C:\Windows\system32\apphelp.dll'
242a9c.bc4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776c320 pvNtTerminateThread=0000000077791840
243a9c.bc4: supR3HardenedWinDoReSpawn(2): New child ac0.834 [kernel32].
244a9c.bc4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
245a9c.bc4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077740000 uNtDllChildAddr=0000000077740000
246a9c.bc4: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007776c320
247a9c.bc4: supR3HardenedWinSetupChildInit: Start child.
2485c4.724: supR3HardNtEnableThreadCreation:
2495c4.724: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 0 ms.
250a9c.bc4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 3 ms.
251a9c.bc4: supR3HardNtChildPurify: Startup delay kludge #1/0: 268 ms, 26 sleeps
252a9c.bc4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
253a9c.bc4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
254a9c.bc4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
255a9c.bc4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
256a9c.bc4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
257a9c.bc4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
258a9c.bc4: 0000000000041000-fffffffffff21fff 0x0001/0x0000 0x0000000
259a9c.bc4: *0000000000160000-0000000000063fff 0x0000/0x0004 0x0020000
260a9c.bc4: 000000000025c000-0000000000258fff 0x0104/0x0004 0x0020000
261a9c.bc4: 000000000025f000-000000000025dfff 0x0004/0x0004 0x0020000
262a9c.bc4: 0000000000260000-ffffffff88d7ffff 0x0001/0x0000 0x0000000
263a9c.bc4: *0000000077740000-000000007773efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
264a9c.bc4: 0000000077741000-000000007763efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
265a9c.bc4: 0000000077843000-0000000077813fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
266a9c.bc4: 0000000077872000-0000000077865fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
267a9c.bc4: 000000007787e000-0000000077812fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
268a9c.bc4: 00000000778e9000-00000000701f1fff 0x0001/0x0000 0x0000000
269a9c.bc4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
270a9c.bc4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
271a9c.bc4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
272a9c.bc4: 000000007fff0000-ffffffffc068ffff 0x0001/0x0000 0x0000000
273a9c.bc4: *000000013f950000-000000013f94efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274a9c.bc4: 000000013f951000-000000013f8ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
275a9c.bc4: 000000013f9d5000-000000013f9d3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
276a9c.bc4: 000000013f9d6000-000000013f998fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
277a9c.bc4: 000000013fa13000-000000013fa11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
278a9c.bc4: 000000013fa14000-000000013fa12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
279a9c.bc4: 000000013fa15000-000000013fa12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
280a9c.bc4: 000000013fa17000-000000013fa15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
281a9c.bc4: 000000013fa18000-000000013fa16fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
282a9c.bc4: 000000013fa19000-000000013fa14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
283a9c.bc4: 000000013fa1d000-000000013f9e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
284a9c.bc4: 000000013fa56000-fffff8037fa4bfff 0x0001/0x0000 0x0000000
285a9c.bc4: *000007feffa60000-000007feffa5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
286a9c.bc4: 000007feffa61000-000007fdff511fff 0x0001/0x0000 0x0000000
287a9c.bc4: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
288a9c.bc4: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
289a9c.bc4: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
290a9c.bc4: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
291a9c.bc4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
292a9c.bc4: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
293a9c.bc4: VirtualBox.exe: timestamp 0x5439147c (rc=VINF_SUCCESS)
294a9c.bc4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
295a9c.bc4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
296a9c.bc4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
297a9c.bc4: supR3HardNtChildPurify: Done after 300 ms and 0 fixes (loop #0).
298ac0.834: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
299ac0.834: supR3HardenedVmProcessInit: uNtDllAddr=0000000077740000
300ac0.834: ntdll.dll: timestamp 0x4ec4aa8e (rc=VINF_SUCCESS)
301ac0.834: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation)
302ac0.834: System32: \Device\HarddiskVolume2\Windows\System32
303ac0.834: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
304ac0.834: KnownDllPath: C:\Windows\system32
305ac0.834: supR3HardenedVmProcessInit: Opening vboxdrv...
306ac0.834: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
307ac0.834: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
308ac0.834: Registered Dll notification callback with NTDLL.
309ac0.834: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008]
310ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
311ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
312ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
313ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
314ac0.834: supR3HardenedDllNotificationCallback: load 0000000077060000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
315ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
316ac0.834: supR3HardenedDllNotificationCallback: load 000007fefdf00000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
317ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
318ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
319ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
320ac0.834: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776c320 pvNtTerminateThread=0000000077791840
321ac0.834: \SystemRoot\System32\ntdll.dll:
322ac0.834: CreationTime: 2012-09-10T11:24:51.962302600Z
323ac0.834: LastWriteTime: 2011-11-17T06:41:18.858669900Z
324ac0.834: ChangeTime: 2012-09-10T11:50:52.791351600Z
325ac0.834: FileAttributes: 0x20
326ac0.834: Size: 0x1a6d50
327ac0.834: NT Headers: 0xe0
328ac0.834: Timestamp: 0x4ec4aa8e
329ac0.834: Machine: 0x8664 - amd64
330ac0.834: Timestamp: 0x4ec4aa8e
331ac0.834: Image Version: 6.1
332ac0.834: SizeOfImage: 0x1a9000 (1740800)
333ac0.834: Resource Dir: 0x151000 LB 0x560d8
334ac0.834: ProductName: Microsoft® Windows® Operating System
335ac0.834: ProductVersion: 6.1.7601.17725
336ac0.834: FileVersion: 6.1.7601.17725 (win7sp1_gdr.111116-1503)
337ac0.834: FileDescription: NT Layer DLL
338ac0.834: \SystemRoot\System32\kernel32.dll:
339ac0.834: CreationTime: 2014-11-04T16:00:46.948939200Z
340ac0.834: LastWriteTime: 2014-03-04T09:44:00.336000000Z
341ac0.834: ChangeTime: 2014-11-17T08:39:25.640625000Z
342ac0.834: FileAttributes: 0x20
343ac0.834: Size: 0x11c000
344ac0.834: NT Headers: 0xe8
345ac0.834: Timestamp: 0x5315a059
346ac0.834: Machine: 0x8664 - amd64
347ac0.834: Timestamp: 0x5315a059
348ac0.834: Image Version: 6.1
349ac0.834: SizeOfImage: 0x11f000 (1175552)
350ac0.834: Resource Dir: 0x116000 LB 0x528
351ac0.834: ProductName: Microsoft® Windows® Operating System
352ac0.834: ProductVersion: 6.1.7601.18409
353ac0.834: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
354ac0.834: FileDescription: Windows NT BASE API Client DLL
355ac0.834: \SystemRoot\System32\KernelBase.dll:
356ac0.834: CreationTime: 2014-11-04T16:00:46.914134400Z
357ac0.834: LastWriteTime: 2013-08-02T02:13:34.580000000Z
358ac0.834: ChangeTime: 2014-11-17T08:39:25.640625000Z
359ac0.834: FileAttributes: 0x20
360ac0.834: Size: 0x67a00
361ac0.834: NT Headers: 0xe8
362ac0.834: Timestamp: 0x51fb1677
363ac0.834: Machine: 0x8664 - amd64
364ac0.834: Timestamp: 0x51fb1677
365ac0.834: Image Version: 6.1
366ac0.834: SizeOfImage: 0x6b000 (438272)
367ac0.834: Resource Dir: 0x69000 LB 0x530
368ac0.834: ProductName: Microsoft® Windows® Operating System
369ac0.834: ProductVersion: 6.1.7601.18229
370ac0.834: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
371ac0.834: FileDescription: Windows NT BASE API Client DLL
372ac0.834: \SystemRoot\System32\apisetschema.dll:
373ac0.834: CreationTime: 2009-07-13T23:18:54.866423200Z
374ac0.834: LastWriteTime: 2009-07-14T01:24:53.779000000Z
375ac0.834: ChangeTime: 2012-09-10T12:13:14.812500000Z
376ac0.834: FileAttributes: 0x20
377ac0.834: Size: 0x1a00
378ac0.834: NT Headers: 0xc0
379ac0.834: Timestamp: 0x4a5bdeab
380ac0.834: Machine: 0x8664 - amd64
381ac0.834: Timestamp: 0x4a5bdeab
382ac0.834: Image Version: 6.1
383ac0.834: SizeOfImage: 0x50000 (327680)
384ac0.834: Resource Dir: 0x30000 LB 0x3f0
385ac0.834: ProductName: Microsoft® Windows® Operating System
386ac0.834: ProductVersion: 6.1.7600.16385
387ac0.834: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
388ac0.834: FileDescription: ApiSet Schema DLL
389ac0.834: NtOpenDirectoryObject failed on \Driver: 0xc0000022
390ac0.834: supR3HardenedWinFindAdversaries: 0x0
391ac0.834: Calling main()
392ac0.834: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
393ac0.834: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
394ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
395ac0.834: SUPR3HardenedMain: Final process, opening VBoxDrv...
396ac0.834: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
397ac0.834: supR3HardNtEnableThreadCreation:
398ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
399ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
400ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000823cf0:C:\Windows\system32 [calling]
401ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
402ac0.834: supR3HardenedDllNotificationCallback: load 000007fef9650000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
403ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
404ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
405ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
406ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9650000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
407ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
408ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
409ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9650000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
410ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9650000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
411a9c.bc4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000270000 LB 0x400000)
412a9c.bc4: supR3HardNtEnableThreadCreation:
413a9c.bc4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 0 ms.
414ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
415ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
416ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
417ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
418ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
419ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
420ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
421ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
422ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
423ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
424ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
425ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
426ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
427ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
428ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
429ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
430ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
431ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
432ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
433ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
434ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
435ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
436ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
437ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
438ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
439ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
440ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
441ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
442ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
443ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
444ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000823cf0:C:\Windows\system32 [calling]
445ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
446ac0.834: supR3HardenedDllNotificationCallback: load 000007fefddc0000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
447ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
448ac0.834: supR3HardenedDllNotificationCallback: load 000007feff950000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
449ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
450ac0.834: supR3HardenedDllNotificationCallback: load 000007fefdc50000 LB 0x0016a000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
451ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
452ac0.834: supR3HardenedDllNotificationCallback: load 000007fefdc40000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
453ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
454ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe880000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
455ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
456ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddc0000 'C:\Windows\system32\Wintrust.dll'
457ac0.834: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
458ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
459ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
460ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
461ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
462ac0.834: supR3HardenedDllNotificationCallback: load 000007fefd620000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
463ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
464ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd620000 'C:\Windows\system32\CRYPTSP.dll'
465ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
466ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
467ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
468ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
469ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
470ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
471ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
472ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
473ac0.834: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
474ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
475ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\rsaenh.dll'
476ac0.834: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
477ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
478ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
479ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
480ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
481ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
482ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
483ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
484ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
485ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
486ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
487ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
488ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
489ac0.834: supR3HardenedDllNotificationCallback: load 000007fefdf70000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
490ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
491ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
492ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
493ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
494ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
495ac0.834: supR3HardenedDllNotificationCallback: load 000007feff8c0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
496ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
497ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll'
498ac0.834: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\Windows\system32\CRYPTBASE.dll' [rcNt=0xc0150008]
499ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
500ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
501ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
502ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
503ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
504ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
505ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
506ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
507ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
508ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
509ac0.834: supR3HardenedDllNotificationCallback: load 000007fefda90000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
510ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
511ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda90000 'C:\Windows\system32\CRYPTBASE.dll'
512ac0.834: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008]
513ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
514ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
515ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
516ac0.834: supR3HardenedMonitor_LdrLoadDll: 'WINTRUST.DLL' -> 'C:\Windows\system32\WINTRUST.DLL' [rcNt=0xc0150008]
517ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
518ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
519ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddc0000 'C:\Windows\system32\WINTRUST.DLL'
520ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
521ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
522ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc50000 'C:\Windows\system32\CRYPT32.dll'
523ac0.834: supR3HardenedMonitor_LdrLoadDll: 'imagehlp.dll' -> 'C:\Windows\system32\imagehlp.dll' [rcNt=0xc0150008]
524ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
525ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
526ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
527ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
528ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
529ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
530ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
531ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
532ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
533ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
534ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
535ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
536ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe790000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
537ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
538ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'C:\Windows\system32\imagehlp.dll'
539ac0.834: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
540ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
541ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
542ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd620000 'C:\Windows\system32\CRYPTSP.dll'
543ac0.834: supR3HardenedMonitor_LdrLoadDll: 'USER32.dll' -> 'C:\Windows\system32\USER32.dll' [rcNt=0xc0150008]
544ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
545ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
546ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
547ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
548ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
549ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
550ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
551ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
552ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
553ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
554ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
555ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
556ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
557ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
558ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
559ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
560ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
561ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
562ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
563ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
564ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
565ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
566ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
567ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
568ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
569ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
570ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
571ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
572ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
573ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
574ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
575ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
576ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
577ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
578ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
579ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
580ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
581ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
582ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
583ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
584ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
585ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
586ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
587ac0.834: supR3HardenedDllNotificationCallback: load 0000000077640000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
588ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
589ac0.834: supR3HardenedDllNotificationCallback: load 000007feff8e0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
590ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
591ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe450000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
592ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
593ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe060000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
594ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
595ac0.834: supR3HardenedMonitor_LdrLoadDll: 'gdi32.dll' -> 'C:\Windows\system32\gdi32.dll' [rcNt=0xc0150008]
596ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
597ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
598ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8e0000 'C:\Windows\system32\gdi32.dll'
599ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
600ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
601ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
602ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
603ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
604ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
605ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
606ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
607ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
608ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
609ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
610ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
611ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
612ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
613ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
614ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
615ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
616ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
617ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
618ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
619ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
620ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
621ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
622ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
623ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
624ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
625ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
626ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
627ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
628ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
629ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
630ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
631ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
632ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe240000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
633ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
634ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe130000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
635ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
636ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe240000 'C:\Windows\system32\IMM32.DLL'
637ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077640000 'C:\Windows\system32\USER32.dll'
638ac0.834: supR3HardenedMonitor_LdrLoadDll: 'ncrypt.dll' -> 'C:\Windows\system32\ncrypt.dll' [rcNt=0xc0150008]
639ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
640ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
641ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
642ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
643ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
644ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
645ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
646ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
647ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
648ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
649ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
650ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
651ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
652ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
653ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
654ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
655ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
656ac0.834: supR3HardenedDllNotificationCallback: load 000007fefd590000 LB 0x0004d000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
657ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
658ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
659ac0.834: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
660ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
661ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd590000 'C:\Windows\system32\ncrypt.dll'
662ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
663ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
664ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
665ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
666ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
667ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
668ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
669ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
670ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
671ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
672ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
673ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
674ac0.834: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
675ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
676ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\bcryptprimitives.dll'
677ac0.834: supR3HardenedMonitor_LdrLoadDll: 'bcrypt.dll' -> 'C:\Windows\system32\bcrypt.dll' [rcNt=0xc0150008]
678ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
679ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
680ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'C:\Windows\system32\bcrypt.dll'
681ac0.834: supR3HardenedMonitor_LdrLoadDll: 'USERENV.dll' -> 'C:\Windows\system32\USERENV.dll' [rcNt=0xc0150008]
682ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
683ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
684ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
685ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
686ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
687ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
688ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
689ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
690ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
691ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
692ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
693ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
694ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
695ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
696ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
697ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
698ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
699ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
700ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
701ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
702ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
703ac0.834: supR3HardenedDllNotificationCallback: load 000007fefcee0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
704ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
705ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
706ac0.834: supR3HardenedDllNotificationCallback: load 000007fefdba0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
707ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
708ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcee0000 'C:\Windows\system32\USERENV.dll'
709ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
710ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
711ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
712ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
713ac0.834: supR3HardenedMonitor_LdrLoadDll: 'GPAPI.dll' -> 'C:\Windows\system32\GPAPI.dll' [rcNt=0xc0150008]
714ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
715ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
716ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
717ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
718ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
719ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
720ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
721ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
722ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
723ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
724ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
725ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
726ac0.834: supR3HardenedDllNotificationCallback: load 000007fefcec0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
727ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
728ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcec0000 'C:\Windows\system32\GPAPI.dll'
729ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
730ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
731ac0.834: supR3HardenedMonitor_LdrLoadDll: 'rpcrt4.dll' -> 'C:\Windows\system32\rpcrt4.dll' [rcNt=0xc0150008]
732ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
733ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
734ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe880000 'C:\Windows\system32\rpcrt4.dll'
735ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
736ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
737ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
738ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
739ac0.834: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008]
740ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
741ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
742ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
743ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
744ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
745ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
746ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
747ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
748ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
749ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
750ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
751ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
752ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
753ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
754ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
755ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
756ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
757ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
758ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
759ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
760ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
761ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
762ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
763ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
764ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
765ac0.834: supR3HardenedDllNotificationCallback: load 000007fefa880000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
766ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
767ac0.834: supR3HardenedDllNotificationCallback: load 000007feff9f0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
768ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
769ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
770ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
771ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
772ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
773ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
774ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
775ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
776ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
777ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
778ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
779ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
780ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
781ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
783ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
784ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
786ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
787ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
789ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
790ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
792ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
793ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
795ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
796ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
797ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
798ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
799ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
800ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
801ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
802ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
803ac0.834: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008]
804ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
805ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
806ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa880000 'C:\Windows\system32\cryptnet.dll'
807ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
808ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
809ac0.834: supR3HardenedMonitor_LdrLoadDll: 'profapi.dll' -> 'C:\Windows\system32\profapi.dll' [rcNt=0xc0150008]
810ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
811ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
812ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\profapi.dll'
813ac0.834: supR3HardenedMonitor_LdrLoadDll: 'SHLWAPI.dll' -> 'C:\Windows\system32\SHLWAPI.dll' [rcNt=0xc0150008]
814ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
815ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
816ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
817ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
818ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
819ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
820ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
821ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
822ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
823ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
824ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
825ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
826ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
827ac0.834: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
828ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
829ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
830ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe7b0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
831ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
832ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\Windows\system32\SHLWAPI.dll'
833ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
834ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000083b010
835ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
836ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7997EF6A3B19ED6821CE62B530063268EEA69FB
837ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
838ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
839ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
840ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
841ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
842ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
843ac0.834: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
844ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
845ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
846ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll'
847ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
848ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
849ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
850ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
851ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2644615~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
852ac0.834: g_pfnWinVerifyTrust=000007fefddc1010
853ac0.834: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
854ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
855ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
856ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
857ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F4982E5F19EEC9EA72436D469FB5B41639FB6890
858ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB2813430~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
859ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
860ac0.834: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
861ac0.834: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
862ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
863ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
864ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
865ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBD5D88D100825A4A22743B0FD6EF53BF9B657CA
866ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
867ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
868ac0.834: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
869ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000368 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
870ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
871ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
872ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
873ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
874ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
875ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
876ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000360 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
877ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
878ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
879ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
880ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
881ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
882ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
883ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000035c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
884ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
885ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
886ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0763F1478C58F0F99A6A6E775E5D3BF96015915
887ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2813430~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
888ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
889ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
890ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000250 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
891ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
892ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
893ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
894ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
895ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
896ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
897ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
898ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
899ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
900ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
901ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
902ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
903ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
904ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
905ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
906ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
907ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
908ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
909ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
910ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
911ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
912ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
913ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
914ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
915ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
916ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
917ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
918ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
919ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
920ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
921ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
922ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79EA9CBEF21789D2261F797DD2A1624A054306AB
923ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_51_for_KB3003743~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
924ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
925ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
926ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
927ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
928ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
929ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
930ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
931ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
932ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
933ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
934ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
935ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
936ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
937ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
938ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
939ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
940ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000168 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
941ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
942ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
943ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1
944ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
945ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
946ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
947ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000164 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
948ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
949ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
950ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
951ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
952ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
953ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
954ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000160 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
955ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
956ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
957ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
958ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
959ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
960ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
961ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000015c pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
962ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
963ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
964ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
965ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
966ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
967ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
968ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000158 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
969ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
970ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
971ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0A0F84DD55507C56A273E145872B7ECBEDE3F5
972ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
973ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
974ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
975ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
976ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
977ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
978ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
979ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
980ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
981ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
982ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
983ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
984ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
985ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
986ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
987ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
988ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
989ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
990ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
991ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
992ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
993ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
994ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
995ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
996ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
997ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
998ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
999ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1000ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1001ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1002ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1003ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1004ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1005ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1006ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1007ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1008ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1009ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1010ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1011ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1012ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1013ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1014ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1015ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1016ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1017ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1018ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1019ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1020ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1021ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1022ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1023ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1024ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1025ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1026ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1027ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1028ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1029ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A614496C1431F8A486840AAD1AD5721C231022BC
1030ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB2922229~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1031ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1032ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1033ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1034ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1035ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1036ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
1037ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB2922229~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1038ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1039ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1040ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1041ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=00000000008b5950:C:\Windows\system32 [calling]
1042ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc50000 'C:\Windows\system32\crypt32.dll'
1043ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1044ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1045ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1046ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1047ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1048ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1049ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1050ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1051ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1052ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1053ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1054ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1055ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1056ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1057ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1058ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1059ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1060ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1061ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1062ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1063ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1064ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1065ac0.834: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1066ac0.834: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=23
1067ac0.834: SUPR3HardenedMain: Load Runtime...
1068ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1069ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1070ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1071ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1072ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1073ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1074ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1075ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1076ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1077ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1078ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1079ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000410 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1080ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1081ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1082ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1083ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1084ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1085ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1086ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1087ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1088ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1089ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1090ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1091ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1092ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1093ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1094ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1095ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1096ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1097ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1098ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1099ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1100ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1101ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1102ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1103ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1104ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f4 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1105ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1106ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1107ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1108ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1109ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1110ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
1111ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1112ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1113ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1114ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1115ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1116ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1117ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1118ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1119ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1120ac0.834: supR3HardenedDllNotificationCallback: load 000007fef1590000 LB 0x0052f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1121ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1122ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1123ac0.834: supR3HardenedDllNotificationCallback: load 0000000074a80000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1124ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1125ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1126ac0.834: supR3HardenedDllNotificationCallback: load 0000000074ba0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1127ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1128ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe830000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1129ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1130ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe050000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1131ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1132ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1133ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1134ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1135ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1136ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1137ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1138ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1139ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1140ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1141ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1142ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1143ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1144ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1145ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1146ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1147ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1148ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1149ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1150ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1151ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1152ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1153ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1154ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1155ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1157ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1158ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1159ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1160ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1161ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1162ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1163ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1164ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1166ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1167ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1169ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1170ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1171ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1172ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1173ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1174ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1175ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1176ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1177ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1178ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1179ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1180ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1181ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1182ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1183ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1184ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1185ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1186ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1187ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1188ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1189ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1190ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1191ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1192ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1193ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1194ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1195ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1196ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1197ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1198ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1199ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1200ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1201ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1202ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1203ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1204ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1205ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1206ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1207ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1208ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1209ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1210ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1211ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1212ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1213ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1214ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1215ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1216ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1217ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1218ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1219ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1220ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1221ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1222ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1223ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1224ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1225ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1226ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000008240d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1227ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1228ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1229ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1230ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=00000000007014e0:C:\Windows\system32 [calling]
1231ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddc0000 'C:\Windows\system32\Wintrust.dll'
1232ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1233ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=00000000007014e0:C:\Windows\system32 [calling]
1234ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc50000 'C:\Windows\system32\crypt32.dll'
1235ac0.834: SUPR3HardenedMain: Load TrustedMain...
1236ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1237ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1238ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1239ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1240ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1241ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1242ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1243ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1244ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1245ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1246ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1247ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1248ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1249ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1250ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1251ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1252ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1253ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1254ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1255ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1256ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1257ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1258ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1259ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1260ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1261ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1262ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1263ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1264ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1265ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1266ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1267ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1268ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1269ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1270ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1271ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1272ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1273ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1274ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1275ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1276ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1277ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1278ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1279ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1280ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1281ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1282ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1283ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1284ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1285ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1286ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1287ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD
1288ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1289ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1290ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1291ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1292ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1293ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1294ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1295ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1296ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1297ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1298ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1299ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1300ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1301ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1302ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1303ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1304ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1305ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1306ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1307ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1308ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1309ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1310ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1311ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1312ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1313ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1314ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1315ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1316ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7D2B9E4AAFE9D12E620CDBC2110311184C724E72
1317ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2868116~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1318ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1319ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1320ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1321ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1322ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1323ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
1324ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1325ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1326ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1327ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1328ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1329ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1330ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1331ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1332ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1333ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1334ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1335ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1336ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1337ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1338ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1339ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1340ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1341ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1342ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1343ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1344ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1345ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1346ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1347ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1348ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1349ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1350ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1351ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1352ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1353ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1354ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1355ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1356ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1357ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1358ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1359ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1360ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1361ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1362ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1363ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1364ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1365ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1366ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1367ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1368ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1369ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1370ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1371ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1372ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1373ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1374ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1375ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1376ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1377ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1378ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1379ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1380ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1381ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1382ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1383ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1384ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1385ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1386ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1387ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1388ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1389ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1390ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1391ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1392ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1393ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1394ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1395ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1396ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1397ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1398ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1399ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1400ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1401ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
1402ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1403ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1404ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1405ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1406ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1407ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1408ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1409ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1410ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1411ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1412ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1413ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1414ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1415ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1416ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1417ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1418ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1419ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1420ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
1421ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1422ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1423ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1424ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1425ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1426ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1427ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1428ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1429ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1430ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1431ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1432ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1433ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
1434ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1435ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1436ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1437ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1438ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1439ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1440ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1441ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1442ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1443ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1444ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1445ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1446ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1447ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1448ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1449ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1450ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1451ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1452ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1453ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1454ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1455ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1456ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1457ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1458ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1459ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1460ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1461ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1462ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1463ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1464ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1465ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1466ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1467ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1468ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1469ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1470ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1471ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1472ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1473ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1474ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1475ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1476ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1477ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1478ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1479ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1480ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1481ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1482ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1483ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1484ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1485ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1486ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1487ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1488ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1489ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1490ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1491ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1492ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1493ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1494ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
1495ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1496ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1497ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1498ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1499ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1500ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1501ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1502ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1503ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1504ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1505ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1506ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1507ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1508ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1509ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1510ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1511ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1512ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1513ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1514ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1515ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1516ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1517ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1518ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1519ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1520ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1521ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1522ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1523ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1524ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1525ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1526ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1527ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1528ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1529ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1530ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1531ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1532ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1533ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1534ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1535ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1536ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1537ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1538ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1539ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1540ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1541ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1542ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1543ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1544ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1545ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1546ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1547ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1548ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1549ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1550ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1551ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1552ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1553ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1554ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1555ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1556ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1557ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1558ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1559ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1560ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1561ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1562ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1563ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1564ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1565ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1566ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1567ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1568ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1569ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1570ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1571ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1572ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1573ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1574ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1575ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1576ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1577ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1578ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1579ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1580ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1581ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1582ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1583ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1584ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1585ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
1586ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1587ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1588ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1589ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1590ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1591ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
1592ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1593ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1594ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1595ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1596ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1597ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1598ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1599ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1600ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1601ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1602ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1603ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1604ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1605ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1606ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1607ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1608ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1609ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1610ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1611ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1612ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1613ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1614ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1615ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1616ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1617ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1618ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1619ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1620ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1621ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1622ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1623ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1624ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1625ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1626ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1627ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1628ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1629ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1630ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1631ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1632ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1633ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1634ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1635ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1636ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1637ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1638ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1639ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1640ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1641ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1642ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1643ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1644ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1645ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1646ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1647ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1648ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1649ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
1650ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1651ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1652ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1653ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1654ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1655ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1656ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1657ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1658ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1659ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1660ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1661ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1662ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1663ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1664ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1665ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1666ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
1667ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1668ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1669ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1670ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1671ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1672ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1673ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1674ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1675ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1676ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
1677ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1678ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1679ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1680ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1681ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1682ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
1683ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1684ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1685ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1686ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1687ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1688ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1689ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1690ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1691ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1692ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1693ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1695ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1696ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1697ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1698ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1699ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1700ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1701ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1702ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1703ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1704ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1705ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1706ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1707ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1708ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1709ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
1710ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1711ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1712ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1713ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1714ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1715ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1716ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1717ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1718ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1719ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1720ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1721ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1722ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1723ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1724ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1725ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1726ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1727ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1728ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1729ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1730ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1731ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1732ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1733ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1734ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1735ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1736ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1737ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
1738ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1739ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1740ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1741ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1742ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1743ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1744ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1745ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1746ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1747ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1748ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1749ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1750ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1751ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1752ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1753ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1754ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1755ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1756ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1757ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1758ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1759ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1760ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1761ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1762ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1763ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1764ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1765ac0.834: supR3HardenedDllNotificationCallback: load 000007fef0340000 LB 0x00872000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1766ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1767ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1768ac0.834: supR3HardenedDllNotificationCallback: load 000007fef3210000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1769ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1770ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1771ac0.834: supR3HardenedDllNotificationCallback: load 000007fef3a50000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1772ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1773ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1774ac0.834: supR3HardenedDllNotificationCallback: load 000007fef2400000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1775ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1776ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1777ac0.834: supR3HardenedDllNotificationCallback: load 000007fef8400000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1778ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1779ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe270000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1780ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1781ac0.834: supR3HardenedDllNotificationCallback: load 000007fefde00000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1782ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1783ac0.834: supR3HardenedDllNotificationCallback: load 000007feff740000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1784ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1785ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe580000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1786ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1787ac0.834: supR3HardenedDllNotificationCallback: load 000007fefdee0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1788ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1789ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1790ac0.834: supR3HardenedDllNotificationCallback: load 000007fefbe70000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1791ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1792ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1793ac0.834: supR3HardenedDllNotificationCallback: load 0000000074310000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1794ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1795ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1796ac0.834: supR3HardenedDllNotificationCallback: load 00000000703f0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1797ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1798ac0.834: supR3HardenedDllNotificationCallback: load 000007feff820000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1799ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1800ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1801ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1802ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1803ac0.834: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll)
1804ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
1805ac0.834: supR3HardenedDllNotificationCallback: load 000007fef8450000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll [fFlags=0x0]
1806ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [avoiding WinVerifyTrust]
1807ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe9b0000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1808ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1809ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1810ac0.834: supR3HardenedDllNotificationCallback: load 000007fefb710000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1811ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1812ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1813ac0.834: supR3HardenedDllNotificationCallback: load 000007fef8fe0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1814ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1815ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1816ac0.834: supR3HardenedDllNotificationCallback: load 0000000074970000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1817ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1818ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1819ac0.834: supR3HardenedDllNotificationCallback: load 0000000074890000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1820ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1821ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
1822ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1823ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1824ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
1825ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'
1826ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1827ac0.834: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'
1828ac0.834: supR3HardenedMonitor_LdrLoadDll: 'imm32.dll' -> 'C:\Windows\system32\imm32.dll' [rcNt=0xc0150008]
1829ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1830ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1831ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1832ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1833ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1834ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1835ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1836ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1837ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1838ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1839ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll *pfFlags=0x0 pwszSearchPath=000000000087fd00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1840ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe240000 'C:\Windows\system32\imm32.dll'
1841ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0340000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1842ac0.834: SUPR3HardenedMain: Calling TrustedMain (000007fef0341ca0)...
1843ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1844ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1845ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\winmm.dll'
1846ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000055c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1847ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1848ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1849ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1850ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1851ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1852ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1853ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1854ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1855ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
1856ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1857ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1858ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1859ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1860ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1861ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1862ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1863ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1864ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1865ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1866ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=000000000091f6a0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1867ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1868ac0.834: supR3HardenedDllNotificationCallback: load 000007fefc3b0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1869ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1870ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\Windows\system32\uxtheme.dll'
1871ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1872ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=000000000091f6a0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1873ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\Windows\system32\uxtheme.dll'
1874ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1875ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=000000000091fac0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1876ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\Windows\system32\uxtheme.dll'
1877ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1878ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=000000000091fac0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1879ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\Windows\system32\uxtheme.dll'
1880ac0.834: supR3HardenedMonitor_LdrLoadDll: 'dwmapi.dll' -> 'C:\Windows\system32\dwmapi.dll' [rcNt=0xc0150008]
1881ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1882ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1883ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe70000 'C:\Windows\system32\dwmapi.dll'
1884ac0.834: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\Windows\system32\CRYPTBASE.dll' [rcNt=0xc0150008]
1885ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1886ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1887ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda90000 'C:\Windows\system32\CRYPTBASE.dll'
1888ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1889ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1890ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9b0000 'C:\Windows\system32\shell32.dll'
1891ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1892ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1893ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
1894ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1895ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1896ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\Windows\system32\uxtheme.dll'
1897ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1898ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1899ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\Windows\system32\uxtheme.dll'
1900ac0.834: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll)
1901ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1902ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1903ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1904ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1905ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077640000 'C:\Windows\system32\user32.dll'
1906ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1907ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1908ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\Windows\system32\uxtheme.dll'
1909ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1910ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1911ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077640000 'C:\Windows\system32\user32.dll'
1912ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1913ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1914ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\advapi32.dll'
1915ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1916ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1917ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcee0000 'C:\Windows\system32\userenv.dll'
1918ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1919ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1920ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
1921ac0.834: supR3HardenedMonitor_LdrLoadDll: 'CLBCatQ.DLL' -> 'C:\Windows\system32\CLBCatQ.DLL' [rcNt=0xc0150008]
1922ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005b0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1923ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1924ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1925ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
1926ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1927ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1928ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1929ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1930ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1931ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1932ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1933ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1934ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
1935ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1936ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1937ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1938ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1939ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1940ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1941ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1942ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1943ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1944ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1945ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1946ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1947ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1948ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1949ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1950ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1951ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1952ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1953ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1954ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL *pfFlags=0x0 pwszSearchPath=000000000087fac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1955ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1956ac0.834: supR3HardenedDllNotificationCallback: load 000007fefe4e0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
1957ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1958ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4e0000 'C:\Windows\system32\CLBCatQ.DLL'
1959ac0.834: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
1960ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1961ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000880060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1962ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll'
1963ac0.834: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
1964ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1965ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=000000000087ff40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1966ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd620000 'C:\Windows\system32\CRYPTSP.dll'
1967ac0.834: supR3HardenedMonitor_LdrLoadDll: 'RpcRtRemote.dll' -> 'C:\Windows\system32\RpcRtRemote.dll' [rcNt=0xc0150008]
1968ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d0 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1969ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1970ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1971ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
1972ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
1973ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1974ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1975ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
1976ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1977ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1978ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1979ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1980ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll *pfFlags=0x0 pwszSearchPath=000000000087ff40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1981ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1982ac0.834: supR3HardenedDllNotificationCallback: load 000007fefdb40000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
1983ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1984ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb40000 'C:\Windows\system32\RpcRtRemote.dll'
1985ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1986ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll *pfFlags=0x0 pwszSearchPath=000000000091fac0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1987ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff740000 'C:\Windows\system32\oleaut32.dll'
1988ac0.834: supR3HardenedMonitor_LdrLoadDll: 'SXS.DLL' -> 'C:\Windows\system32\SXS.DLL' [rcNt=0xc0150008]
1989ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f4 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
1990ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
1991ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
1992ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
1993ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
1994ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1995ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)WinVerifyTrust
1996ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
1997ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL *pfFlags=0x0 pwszSearchPath=00000000008800f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1998ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
1999ac0.834: supR3HardenedDllNotificationCallback: load 000007fefdaa0000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
2000ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2001ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\SXS.DLL'
2002ac0.834: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
2003ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2004ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000008800f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2005ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll'
2006ac0.834: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008]
2007ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2008ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=00000000008807b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2009ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff740000 'C:\Windows\system32\OLEAUT32.dll'
2010ac0.834: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
2011ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2012ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000880720:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2013ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll'
2014ac0.834: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll)
2015ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll *pfFlags=0x0 pwszSearchPath=0000000000880720:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2016ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2017ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2018ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll *pfFlags=0x0 pwszSearchPath=0000000000880720:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2019ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8e0000 'C:\Windows\system32\gdi32.dll'
2020ac0.390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2021ac0.390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2022ac0.390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2023ac0.390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2024ac0.390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2025ac0.390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2026ac0.390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2027ac0.390: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
2028ac0.390: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2029ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2030ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2031ac0.390: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2032ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2033ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2034ac0.390: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2035ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2036ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2037ac0.390: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2038ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2039ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2040ac0.390: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2041ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2042ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2043ac0.390: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
2044ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2045ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2046ac0.390: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2047ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2048ac0.390: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2049ac0.390: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2050ac0.390: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll *pfFlags=0x0 pwszSearchPath=000000000088dd80:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2051ac0.390: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2052ac0.390: supR3HardenedDllNotificationCallback: load 000007fef1b00000 LB 0x004e7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2053ac0.390: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2054ac0.390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b00000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2055ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2056ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000880570:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2057ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077640000 'C:\Windows\system32\user32.dll'
2058ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2059ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000880840:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2060ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9b0000 'C:\Windows\system32\shell32.dll'
2061ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2062ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000880840:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2063ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe580000 'C:\Windows\system32\ole32.dll'
2064ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2065ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll *pfFlags=0x0 pwszSearchPath=000000000091fb70:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2066ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe130000 'C:\Windows\system32\MSCTF.dll'
2067ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2068ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000880600:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2069ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9b0000 'C:\Windows\system32\shell32.dll'
2070ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2071ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000880600:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2072ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9b0000 'C:\Windows\system32\shell32.dll'
2073ac0.834: supR3HardenedMonitor_LdrLoadDll: 'ole32.dll' -> 'C:\Windows\system32\ole32.dll' [rcNt=0xc0150008]
2074ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2075ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000880600:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2076ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe580000 'C:\Windows\system32\ole32.dll'
2077ac0.834: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008]
2078ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2079ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=0000000000880600:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2080ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff740000 'C:\Windows\system32\OLEAUT32.dll'
2081ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000990 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2082ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
2083ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
2084ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2085ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2086ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2087ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2088ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2089ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2090ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2091ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2092ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2093ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
2094ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2095ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2096ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2097ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2098ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2099ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2100ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2101ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2102ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2103ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2104ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2105ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2106ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2107ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2108ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2109ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009a0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2110ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
2111ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
2112ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2113ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2114ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2115ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2116ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2117ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2118ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2119ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2120ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
2121ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2122ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2123ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2124ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2125ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2126ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2127ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2128ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2129ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2130ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2131ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2132ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2133ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2134ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2135ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2136ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2137ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2138ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2139ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2140ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll *pfFlags=0x0 pwszSearchPath=0000000000863e70:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2141ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2142ac0.834: supR3HardenedDllNotificationCallback: load 000007fef9d70000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2143ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2144ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2145ac0.834: supR3HardenedDllNotificationCallback: load 000007fefa020000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2146ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2147ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9d70000 'C:\Windows\system32\wbem\wbemprox.dll'
2148ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009c8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2149ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
2150ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
2151ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2152ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2153ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2154ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2155ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2156ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
2157ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2158ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2159ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2160ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2161ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2162ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2163ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2164ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll *pfFlags=0x0 pwszSearchPath=0000000000863e70:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2165ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2166ac0.834: supR3HardenedDllNotificationCallback: load 000007fef9b40000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2167ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2168ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9b40000 'C:\Windows\system32\wbem\wbemsvc.dll'
2169ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009c0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2170ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
2171ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
2172ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2173ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2174ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2175ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2176ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2177ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2178ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2179ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2180ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2181ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
2182ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2183ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2184ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2185ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d4 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2186ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000083b010
2187ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000083b010
2188ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2189ac0.834: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2190ac0.834: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2191ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2192ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2193ac0.834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2194ac0.834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll)WinVerifyTrust
2195ac0.834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2196ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2197ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2198ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2199ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2200ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2201ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2202ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2203ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2204ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2205ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2206ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2207ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2208ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2209ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2210ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2211ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2212ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2213ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2214ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2215ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2216ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2217ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2218ac0.834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2219ac0.834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2220ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll *pfFlags=0x0 pwszSearchPath=0000000000863e70:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2221ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2222ac0.834: supR3HardenedDllNotificationCallback: load 000007fef9e50000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2223ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2224ac0.834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2225ac0.834: supR3HardenedDllNotificationCallback: load 000007fef9dd0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2226ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2227ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9e50000 'C:\Windows\system32\wbem\fastprox.dll'
2228ac0.834: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008]
2229ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2230ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=00000000034c23d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2231ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff740000 'C:\Windows\system32\OLEAUT32.dll'
2232ac0.834: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll' [redir]
2233ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
2234ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll *pfFlags=0x0 pwszSearchPath=00000000034c28e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2235ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8450000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'
2236ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2237ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll *pfFlags=0x0 pwszSearchPath=00000000034c28e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2238ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\WINMM.dll'
2239ac0.834: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.DLL' -> 'C:\Windows\system32\OLEAUT32.DLL' [rcNt=0xc0150008]
2240ac0.834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2241ac0.834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.DLL *pfFlags=0x0 pwszSearchPath=00000000034c2340:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2242ac0.834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff740000 'C:\Windows\system32\OLEAUT32.DLL'
2243ac0.350: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008]
2244ac0.350: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2245ac0.350: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=00000000034c2340:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2246ac0.350: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff740000 'C:\Windows\system32\OLEAUT32.dll'
2247ac0.834: supR3HardenedDllNotificationCallback: Unload 000007fef9e50000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
2248ac0.834: supR3HardenedDllNotificationCallback: Unload 000007fef9dd0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
2249ac0.834: supR3HardenedDllNotificationCallback: Unload 000007fef9b40000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
2250ac0.834: supR3HardenedDllNotificationCallback: Unload 000007fef9d70000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
2251ac0.834: supR3HardenedDllNotificationCallback: Unload 000007fefa020000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
2252ac0.834: supR3HardenedDllNotificationCallback: Unload 000007fef1b00000 LB 0x004e7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
2253ac0.834: Terminating the normal way: rcExit=0
2254a9c.bc4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1687 ms, the end);
22555c4.724: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2036 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy