VirtualBox

Ticket #13654: VBoxStartup.log

File VBoxStartup.log, 275.9 KB (added by ryee, 10 years ago)
Line 
111c0.15b0: Log file opened: 4.3.18r96516 g_hStartupLog=00000000000000b0 g_uNtVerCombined=0x611db110
211c0.15b0: \SystemRoot\System32\ntdll.dll:
311c0.15b0: CreationTime: 2013-10-28T14:31:18.569121400Z
411c0.15b0: LastWriteTime: 2013-08-29T02:16:35.515578900Z
511c0.15b0: ChangeTime: 2013-10-28T14:41:24.057904700Z
611c0.15b0: FileAttributes: 0x20
711c0.15b0: Size: 0x1a6dc0
811c0.15b0: NT Headers: 0xe0
911c0.15b0: Timestamp: 0x521eaf24
1011c0.15b0: Machine: 0x8664 - amd64
1111c0.15b0: Timestamp: 0x521eaf24
1211c0.15b0: Image Version: 6.1
1311c0.15b0: SizeOfImage: 0x1a9000 (1740800)
1411c0.15b0: Resource Dir: 0x151000 LB 0x560d8
1511c0.15b0: ProductName: Microsoft® Windows® Operating System
1611c0.15b0: ProductVersion: 6.1.7601.18247
1711c0.15b0: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
1811c0.15b0: FileDescription: NT Layer DLL
1911c0.15b0: \SystemRoot\System32\kernel32.dll:
2011c0.15b0: CreationTime: 2014-05-03T10:14:41.056671400Z
2111c0.15b0: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2211c0.15b0: ChangeTime: 2014-05-03T11:24:01.371356000Z
2311c0.15b0: FileAttributes: 0x20
2411c0.15b0: Size: 0x11c000
2511c0.15b0: NT Headers: 0xe8
2611c0.15b0: Timestamp: 0x5315a059
2711c0.15b0: Machine: 0x8664 - amd64
2811c0.15b0: Timestamp: 0x5315a059
2911c0.15b0: Image Version: 6.1
3011c0.15b0: SizeOfImage: 0x11f000 (1175552)
3111c0.15b0: Resource Dir: 0x116000 LB 0x528
3211c0.15b0: ProductName: Microsoft® Windows® Operating System
3311c0.15b0: ProductVersion: 6.1.7601.18409
3411c0.15b0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3511c0.15b0: FileDescription: Windows NT BASE API Client DLL
3611c0.15b0: \SystemRoot\System32\KernelBase.dll:
3711c0.15b0: CreationTime: 2014-05-15T13:55:57.116361600Z
3811c0.15b0: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3911c0.15b0: ChangeTime: 2014-05-15T14:13:34.435418800Z
4011c0.15b0: FileAttributes: 0x20
4111c0.15b0: Size: 0x67c00
4211c0.15b0: NT Headers: 0xe8
4311c0.15b0: Timestamp: 0x5315a05a
4411c0.15b0: Machine: 0x8664 - amd64
4511c0.15b0: Timestamp: 0x5315a05a
4611c0.15b0: Image Version: 6.1
4711c0.15b0: SizeOfImage: 0x6c000 (442368)
4811c0.15b0: Resource Dir: 0x6a000 LB 0x530
4911c0.15b0: ProductName: Microsoft® Windows® Operating System
5011c0.15b0: ProductVersion: 6.1.7601.18409
5111c0.15b0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
5211c0.15b0: FileDescription: Windows NT BASE API Client DLL
5311c0.15b0: \SystemRoot\System32\apisetschema.dll:
5411c0.15b0: CreationTime: 2013-09-27T12:41:38.148499800Z
5511c0.15b0: LastWriteTime: 2013-08-02T02:12:20.275000000Z
5611c0.15b0: ChangeTime: 2013-09-27T13:02:25.378496900Z
5711c0.15b0: FileAttributes: 0x20
5811c0.15b0: Size: 0x1a00
5911c0.15b0: NT Headers: 0xc0
6011c0.15b0: Timestamp: 0x51fb15ca
6111c0.15b0: Machine: 0x8664 - amd64
6211c0.15b0: Timestamp: 0x51fb15ca
6311c0.15b0: Image Version: 6.1
6411c0.15b0: SizeOfImage: 0x50000 (327680)
6511c0.15b0: Resource Dir: 0x30000 LB 0x3f8
6611c0.15b0: ProductName: Microsoft® Windows® Operating System
6711c0.15b0: ProductVersion: 6.1.7601.18229
6811c0.15b0: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
6911c0.15b0: FileDescription: ApiSet Schema DLL
7011c0.15b0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7111c0.15b0: supR3HardenedWinFindAdversaries: 0x4
7211c0.15b0: \SystemRoot\System32\drivers\aswHwid.sys:
7311c0.15b0: CreationTime: 2014-04-25T12:36:58.393861100Z
7411c0.15b0: LastWriteTime: 2014-07-20T02:28:18.591222800Z
7511c0.15b0: ChangeTime: 2014-07-20T02:28:21.823269200Z
7611c0.15b0: FileAttributes: 0x20
7711c0.15b0: Size: 0x7218
7811c0.15b0: NT Headers: 0xe8
7911c0.15b0: Timestamp: 0x53ac048e
8011c0.15b0: Machine: 0x8664 - amd64
8111c0.15b0: Timestamp: 0x53ac048e
8211c0.15b0: Image Version: 6.0
8311c0.15b0: SizeOfImage: 0xa000 (40960)
8411c0.15b0: Resource Dir: 0x8000 LB 0x460
8511c0.15b0: ProductName: avast! Antivirus
8611c0.15b0: ProductVersion: 9.0.2021.515
8711c0.15b0: FileVersion: 9.0.2021.515
8811c0.15b0: SpecialBuild: feb2012
8911c0.15b0: PrivateBuild: 0SpecialBuild
9011c0.15b0: FileDescription: avast! HWID
9111c0.15b0: \SystemRoot\System32\drivers\aswMonFlt.sys:
9211c0.15b0: CreationTime: 2013-01-30T14:27:27.441105800Z
9311c0.15b0: LastWriteTime: 2014-07-20T02:28:18.626223400Z
9411c0.15b0: ChangeTime: 2014-07-20T02:28:21.823269200Z
9511c0.15b0: FileAttributes: 0x20
9611c0.15b0: Size: 0x13550
9711c0.15b0: NT Headers: 0xe0
9811c0.15b0: Timestamp: 0x53ac04e3
9911c0.15b0: Machine: 0x8664 - amd64
10011c0.15b0: Timestamp: 0x53ac04e3
10111c0.15b0: Image Version: 6.0
10211c0.15b0: SizeOfImage: 0x22000 (139264)
10311c0.15b0: Resource Dir: 0x20000 LB 0x3b8
10411c0.15b0: ProductName: avast! Antivirus
10511c0.15b0: ProductVersion: 9.0.2021.515
10611c0.15b0: FileVersion: 9.0.2021.515
10711c0.15b0: FileDescription: avast! File System Minifilter for Windows 2003/Vista
10811c0.15b0: \SystemRoot\System32\drivers\aswRdr2.sys:
10911c0.15b0: CreationTime: 2013-01-30T14:27:36.598321800Z
11011c0.15b0: LastWriteTime: 2014-07-20T02:28:18.386220900Z
11111c0.15b0: ChangeTime: 2014-07-20T02:28:21.823269200Z
11211c0.15b0: FileAttributes: 0x20
11311c0.15b0: Size: 0x16d80
11411c0.15b0: NT Headers: 0xf0
11511c0.15b0: Timestamp: 0x53ac0508
11611c0.15b0: Machine: 0x8664 - amd64
11711c0.15b0: Timestamp: 0x53ac0508
11811c0.15b0: Image Version: 6.1
11911c0.15b0: SizeOfImage: 0x1a000 (106496)
12011c0.15b0: Resource Dir: 0x18000 LB 0x3a0
12111c0.15b0: ProductName: avast! Antivirus
12211c0.15b0: ProductVersion: 9.0.2021.515
12311c0.15b0: FileVersion: 9.0.2021.515 built by: WinDDK
12411c0.15b0: FileDescription: avast! WFP Redirect Driver
12511c0.15b0: \SystemRoot\System32\drivers\aswRvrt.sys:
12611c0.15b0: CreationTime: 2013-03-16T07:11:43.618878800Z
12711c0.15b0: LastWriteTime: 2014-07-20T02:28:18.661223900Z
12811c0.15b0: ChangeTime: 2014-07-20T02:28:21.823269200Z
12911c0.15b0: FileAttributes: 0x20
13011c0.15b0: Size: 0x100f0
13111c0.15b0: NT Headers: 0xf8
13211c0.15b0: Timestamp: 0x53ac058b
13311c0.15b0: Machine: 0x8664 - amd64
13411c0.15b0: Timestamp: 0x53ac058b
13511c0.15b0: Image Version: 6.0
13611c0.15b0: SizeOfImage: 0x13000 (77824)
13711c0.15b0: Resource Dir: 0x11000 LB 0x468
13811c0.15b0: ProductName: avast! Antivirus
13911c0.15b0: ProductVersion: 9.0.2021.515
14011c0.15b0: FileVersion: 9.0.2021.515
14111c0.15b0: SpecialBuild: feb2012
14211c0.15b0: PrivateBuild: 0SpecialBuild
14311c0.15b0: FileDescription: avast! Revert
14411c0.15b0: \SystemRoot\System32\drivers\aswSnx.sys:
14511c0.15b0: CreationTime: 2013-01-30T14:27:36.052320900Z
14611c0.15b0: LastWriteTime: 2014-11-22T05:27:25.705668500Z
14711c0.15b0: ChangeTime: 2014-11-22T05:27:25.705668500Z
14811c0.15b0: FileAttributes: 0x20
14911c0.15b0: Size: 0xfe310
15011c0.15b0: NT Headers: 0xe8
15111c0.15b0: Timestamp: 0x546f4916
15211c0.15b0: Machine: 0x8664 - amd64
15311c0.15b0: Timestamp: 0x546f4916
15411c0.15b0: Image Version: 6.0
15511c0.15b0: SizeOfImage: 0x102000 (1056768)
15611c0.15b0: Resource Dir: 0xfa000 LB 0x380
15711c0.15b0: ProductName: avast! Antivirus
15811c0.15b0: ProductVersion: 9.0.2021.539
15911c0.15b0: FileVersion: 9.0.2021.539
16011c0.15b0: FileDescription: avast! Virtualization Driver
16111c0.15b0: \SystemRoot\System32\drivers\aswsp.sys:
16211c0.15b0: CreationTime: 2013-01-30T14:27:37.456323300Z
16311c0.15b0: LastWriteTime: 2014-07-20T02:28:40.512536200Z
16411c0.15b0: ChangeTime: 2014-07-20T02:28:40.512536200Z
16511c0.15b0: FileAttributes: 0x20
16611c0.15b0: Size: 0x68560
16711c0.15b0: NT Headers: 0xf0
16811c0.15b0: Timestamp: 0x53b44384
16911c0.15b0: Machine: 0x8664 - amd64
17011c0.15b0: Timestamp: 0x53b44384
17111c0.15b0: Image Version: 6.0
17211c0.15b0: SizeOfImage: 0x6e000 (450560)
17311c0.15b0: Resource Dir: 0x6c000 LB 0x378
17411c0.15b0: ProductName: avast! Antivirus
17511c0.15b0: ProductVersion: 9.0.2021.522
17611c0.15b0: FileVersion: 9.0.2021.522
17711c0.15b0: FileDescription: avast! self protection module
17811c0.15b0: \SystemRoot\System32\drivers\aswStm.sys:
17911c0.15b0: CreationTime: 2014-01-10T12:26:58.386735800Z
18011c0.15b0: LastWriteTime: 2014-07-20T02:28:19.643737000Z
18111c0.15b0: ChangeTime: 2014-07-20T02:28:21.823269200Z
18211c0.15b0: FileAttributes: 0x20
18311c0.15b0: Size: 0x16768
18411c0.15b0: NT Headers: 0x108
18511c0.15b0: Timestamp: 0x53ac083d
18611c0.15b0: Machine: 0x8664 - amd64
18711c0.15b0: Timestamp: 0x53ac083d
18811c0.15b0: Image Version: 6.2
18911c0.15b0: SizeOfImage: 0x19000 (102400)
19011c0.15b0: Resource Dir: 0x17000 LB 0x358
19111c0.15b0: ProductName: avast! Antivirus
19211c0.15b0: ProductVersion: 9.0.2021.515
19311c0.15b0: FileVersion: 9.0.2021.515
19411c0.15b0: FileDescription: Stream Filter
19511c0.15b0: \SystemRoot\System32\drivers\aswVmm.sys:
19611c0.15b0: CreationTime: 2013-03-16T07:11:44.101083700Z
19711c0.15b0: LastWriteTime: 2014-07-20T02:28:19.278731400Z
19811c0.15b0: ChangeTime: 2014-07-20T02:28:21.823269200Z
19911c0.15b0: FileAttributes: 0x20
20011c0.15b0: Size: 0x36e80
20111c0.15b0: NT Headers: 0xf0
20211c0.15b0: Timestamp: 0x53ac0595
20311c0.15b0: Machine: 0x8664 - amd64
20411c0.15b0: Timestamp: 0x53ac0595
20511c0.15b0: Image Version: 6.0
20611c0.15b0: SizeOfImage: 0x39000 (233472)
20711c0.15b0: Resource Dir: 0x36000 LB 0x470
20811c0.15b0: ProductName: avast! Antivirus
20911c0.15b0: ProductVersion: 9.0.2021.515
21011c0.15b0: FileVersion: 9.0.2021.515
21111c0.15b0: SpecialBuild: feb2012
21211c0.15b0: PrivateBuild: 0SpecialBuild
21311c0.15b0: FileDescription: avast! VM Monitor
21411c0.15b0: Calling main()
21511c0.15b0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
21611c0.15b0: SUPR3HardenedMain: Respawn #1
21711c0.15b0: System32: \Device\HarddiskVolume2\Windows\System32
21811c0.15b0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
21911c0.15b0: KnownDllPath: C:\Windows\system32
22011c0.15b0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
22111c0.15b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
22211c0.15b0: supR3HardNtEnableThreadCreation:
22311c0.15b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b3c340 pvNtTerminateThread=0000000077b617e0
22411c0.15b0: supR3HardenedWinDoReSpawn(1): New child 205c.2038 [kernel32].
22511c0.15b0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
22611c0.15b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b10000 uNtDllChildAddr=0000000077b10000
22711c0.15b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b3c340
22811c0.15b0: supR3HardenedWinSetupChildInit: Start child.
22911c0.15b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
23011c0.15b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 59 sleeps
23111c0.15b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
23211c0.15b0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
23311c0.15b0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
23411c0.15b0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
23511c0.15b0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
23611c0.15b0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
23711c0.15b0: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
23811c0.15b0: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
23911c0.15b0: 0000000000051000-fffffffffff01fff 0x0001/0x0000 0x0000000
24011c0.15b0: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
24111c0.15b0: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
24211c0.15b0: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
24311c0.15b0: 00000000002a0000-ffffffff88a2ffff 0x0001/0x0000 0x0000000
24411c0.15b0: *0000000077b10000-0000000077b0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24511c0.15b0: 0000000077b11000-0000000077a0efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24611c0.15b0: 0000000077c13000-0000000077be3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24711c0.15b0: 0000000077c42000-0000000077c39fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24811c0.15b0: 0000000077c4a000-0000000077c48fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24911c0.15b0: 0000000077c4b000-0000000077c47fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
25011c0.15b0: 0000000077c4e000-0000000077be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
25111c0.15b0: 0000000077cb9000-0000000070991fff 0x0001/0x0000 0x0000000
25211c0.15b0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
25311c0.15b0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
25411c0.15b0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
25511c0.15b0: 000000007fff0000-ffffffffc023ffff 0x0001/0x0000 0x0000000
25611c0.15b0: *000000013fda0000-000000013fd9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25711c0.15b0: 000000013fda1000-000000013fd1cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25811c0.15b0: 000000013fe25000-000000013fe23fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25911c0.15b0: 000000013fe26000-000000013fde8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
26011c0.15b0: 000000013fe63000-000000013fe61fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
26111c0.15b0: 000000013fe64000-000000013fe62fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
26211c0.15b0: 000000013fe65000-000000013fe62fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
26311c0.15b0: 000000013fe67000-000000013fe65fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
26411c0.15b0: 000000013fe68000-000000013fe66fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
26511c0.15b0: 000000013fe69000-000000013fe64fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
26611c0.15b0: 000000013fe6d000-000000013fe33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
26711c0.15b0: 000000013fea6000-fffff8037ff1bfff 0x0001/0x0000 0x0000000
26811c0.15b0: *000007feffe30000-000007feffe2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
26911c0.15b0: 000007feffe31000-000007fdffcc1fff 0x0001/0x0000 0x0000000
27011c0.15b0: *000007fffffa0000-000007fffff6cfff 0x0002/0x0002 0x0040000
27111c0.15b0: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
27211c0.15b0: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
27311c0.15b0: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
27411c0.15b0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
27511c0.15b0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
27611c0.15b0: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
27711c0.15b0: VirtualBox.exe: timestamp 0x5439147c (rc=VINF_SUCCESS)
27811c0.15b0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
27911c0.15b0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
28011c0.15b0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
28111c0.15b0: supR3HardNtChildPurify: Done after 537 ms and 0 fixes (loop #0).
282205c.2038: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
283205c.2038: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b10000
28411c0.15b0: supR3HardNtEnableThreadCreation:
285205c.2038: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
286205c.2038: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1740800 allocation)
287205c.2038: System32: \Device\HarddiskVolume2\Windows\System32
288205c.2038: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
289205c.2038: KnownDllPath: C:\Windows\system32
290205c.2038: supR3HardenedVmProcessInit: Opening vboxdrv stub...
291205c.2038: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
292205c.2038: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
293205c.2038: Registered Dll notification callback with NTDLL.
294205c.2038: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008]
295205c.2038: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
296205c.2038: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
297205c.2038: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
298205c.2038: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
299205c.2038: supR3HardenedDllNotificationCallback: load 00000000778f0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
300205c.2038: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
301205c.2038: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
302205c.2038: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
303205c.2038: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
304205c.2038: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000778f0000 'C:\Windows\system32\kernel32.dll'
305205c.2038: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b3c340 pvNtTerminateThread=0000000077b617e0
30611c0.15b0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 22 ms.
307205c.2038: \SystemRoot\System32\ntdll.dll:
308205c.2038: CreationTime: 2013-10-28T14:31:18.569121400Z
309205c.2038: LastWriteTime: 2013-08-29T02:16:35.515578900Z
310205c.2038: ChangeTime: 2013-10-28T14:41:24.057904700Z
311205c.2038: FileAttributes: 0x20
312205c.2038: Size: 0x1a6dc0
313205c.2038: NT Headers: 0xe0
314205c.2038: Timestamp: 0x521eaf24
315205c.2038: Machine: 0x8664 - amd64
316205c.2038: Timestamp: 0x521eaf24
317205c.2038: Image Version: 6.1
318205c.2038: SizeOfImage: 0x1a9000 (1740800)
319205c.2038: Resource Dir: 0x151000 LB 0x560d8
320205c.2038: ProductName: Microsoft® Windows® Operating System
321205c.2038: ProductVersion: 6.1.7601.18247
322205c.2038: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
323205c.2038: FileDescription: NT Layer DLL
324205c.2038: \SystemRoot\System32\kernel32.dll:
325205c.2038: CreationTime: 2014-05-03T10:14:41.056671400Z
326205c.2038: LastWriteTime: 2014-03-04T09:44:00.336000000Z
327205c.2038: ChangeTime: 2014-05-03T11:24:01.371356000Z
328205c.2038: FileAttributes: 0x20
329205c.2038: Size: 0x11c000
330205c.2038: NT Headers: 0xe8
331205c.2038: Timestamp: 0x5315a059
332205c.2038: Machine: 0x8664 - amd64
333205c.2038: Timestamp: 0x5315a059
334205c.2038: Image Version: 6.1
335205c.2038: SizeOfImage: 0x11f000 (1175552)
336205c.2038: Resource Dir: 0x116000 LB 0x528
337205c.2038: ProductName: Microsoft® Windows® Operating System
338205c.2038: ProductVersion: 6.1.7601.18409
339205c.2038: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
340205c.2038: FileDescription: Windows NT BASE API Client DLL
341205c.2038: \SystemRoot\System32\KernelBase.dll:
342205c.2038: CreationTime: 2014-05-15T13:55:57.116361600Z
343205c.2038: LastWriteTime: 2014-03-04T09:44:00.336000000Z
344205c.2038: ChangeTime: 2014-05-15T14:13:34.435418800Z
345205c.2038: FileAttributes: 0x20
346205c.2038: Size: 0x67c00
347205c.2038: NT Headers: 0xe8
348205c.2038: Timestamp: 0x5315a05a
349205c.2038: Machine: 0x8664 - amd64
350205c.2038: Timestamp: 0x5315a05a
351205c.2038: Image Version: 6.1
352205c.2038: SizeOfImage: 0x6c000 (442368)
353205c.2038: Resource Dir: 0x6a000 LB 0x530
354205c.2038: ProductName: Microsoft® Windows® Operating System
355205c.2038: ProductVersion: 6.1.7601.18409
356205c.2038: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
357205c.2038: FileDescription: Windows NT BASE API Client DLL
358205c.2038: \SystemRoot\System32\apisetschema.dll:
359205c.2038: CreationTime: 2013-09-27T12:41:38.148499800Z
360205c.2038: LastWriteTime: 2013-08-02T02:12:20.275000000Z
361205c.2038: ChangeTime: 2013-09-27T13:02:25.378496900Z
362205c.2038: FileAttributes: 0x20
363205c.2038: Size: 0x1a00
364205c.2038: NT Headers: 0xc0
365205c.2038: Timestamp: 0x51fb15ca
366205c.2038: Machine: 0x8664 - amd64
367205c.2038: Timestamp: 0x51fb15ca
368205c.2038: Image Version: 6.1
369205c.2038: SizeOfImage: 0x50000 (327680)
370205c.2038: Resource Dir: 0x30000 LB 0x3f8
371205c.2038: ProductName: Microsoft® Windows® Operating System
372205c.2038: ProductVersion: 6.1.7601.18229
373205c.2038: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
374205c.2038: FileDescription: ApiSet Schema DLL
375205c.2038: NtOpenDirectoryObject failed on \Driver: 0xc0000022
376205c.2038: supR3HardenedWinFindAdversaries: 0x4
377205c.2038: \SystemRoot\System32\drivers\aswHwid.sys:
378205c.2038: CreationTime: 2014-04-25T12:36:58.393861100Z
379205c.2038: LastWriteTime: 2014-07-20T02:28:18.591222800Z
380205c.2038: ChangeTime: 2014-07-20T02:28:21.823269200Z
381205c.2038: FileAttributes: 0x20
382205c.2038: Size: 0x7218
383205c.2038: NT Headers: 0xe8
384205c.2038: Timestamp: 0x53ac048e
385205c.2038: Machine: 0x8664 - amd64
386205c.2038: Timestamp: 0x53ac048e
387205c.2038: Image Version: 6.0
388205c.2038: SizeOfImage: 0xa000 (40960)
389205c.2038: Resource Dir: 0x8000 LB 0x460
390205c.2038: ProductName: avast! Antivirus
391205c.2038: ProductVersion: 9.0.2021.515
392205c.2038: FileVersion: 9.0.2021.515
393205c.2038: SpecialBuild: feb2012
394205c.2038: PrivateBuild: 0SpecialBuild
395205c.2038: FileDescription: avast! HWID
396205c.2038: \SystemRoot\System32\drivers\aswMonFlt.sys:
397205c.2038: CreationTime: 2013-01-30T14:27:27.441105800Z
398205c.2038: LastWriteTime: 2014-07-20T02:28:18.626223400Z
399205c.2038: ChangeTime: 2014-07-20T02:28:21.823269200Z
400205c.2038: FileAttributes: 0x20
401205c.2038: Size: 0x13550
402205c.2038: NT Headers: 0xe0
403205c.2038: Timestamp: 0x53ac04e3
404205c.2038: Machine: 0x8664 - amd64
405205c.2038: Timestamp: 0x53ac04e3
406205c.2038: Image Version: 6.0
407205c.2038: SizeOfImage: 0x22000 (139264)
408205c.2038: Resource Dir: 0x20000 LB 0x3b8
409205c.2038: ProductName: avast! Antivirus
410205c.2038: ProductVersion: 9.0.2021.515
411205c.2038: FileVersion: 9.0.2021.515
412205c.2038: FileDescription: avast! File System Minifilter for Windows 2003/Vista
413205c.2038: \SystemRoot\System32\drivers\aswRdr2.sys:
414205c.2038: CreationTime: 2013-01-30T14:27:36.598321800Z
415205c.2038: LastWriteTime: 2014-07-20T02:28:18.386220900Z
416205c.2038: ChangeTime: 2014-07-20T02:28:21.823269200Z
417205c.2038: FileAttributes: 0x20
418205c.2038: Size: 0x16d80
419205c.2038: NT Headers: 0xf0
420205c.2038: Timestamp: 0x53ac0508
421205c.2038: Machine: 0x8664 - amd64
422205c.2038: Timestamp: 0x53ac0508
423205c.2038: Image Version: 6.1
424205c.2038: SizeOfImage: 0x1a000 (106496)
425205c.2038: Resource Dir: 0x18000 LB 0x3a0
426205c.2038: ProductName: avast! Antivirus
427205c.2038: ProductVersion: 9.0.2021.515
428205c.2038: FileVersion: 9.0.2021.515 built by: WinDDK
429205c.2038: FileDescription: avast! WFP Redirect Driver
430205c.2038: \SystemRoot\System32\drivers\aswRvrt.sys:
431205c.2038: CreationTime: 2013-03-16T07:11:43.618878800Z
432205c.2038: LastWriteTime: 2014-07-20T02:28:18.661223900Z
433205c.2038: ChangeTime: 2014-07-20T02:28:21.823269200Z
434205c.2038: FileAttributes: 0x20
435205c.2038: Size: 0x100f0
436205c.2038: NT Headers: 0xf8
437205c.2038: Timestamp: 0x53ac058b
438205c.2038: Machine: 0x8664 - amd64
439205c.2038: Timestamp: 0x53ac058b
440205c.2038: Image Version: 6.0
441205c.2038: SizeOfImage: 0x13000 (77824)
442205c.2038: Resource Dir: 0x11000 LB 0x468
443205c.2038: ProductName: avast! Antivirus
444205c.2038: ProductVersion: 9.0.2021.515
445205c.2038: FileVersion: 9.0.2021.515
446205c.2038: SpecialBuild: feb2012
447205c.2038: PrivateBuild: 0SpecialBuild
448205c.2038: FileDescription: avast! Revert
449205c.2038: \SystemRoot\System32\drivers\aswSnx.sys:
450205c.2038: CreationTime: 2013-01-30T14:27:36.052320900Z
451205c.2038: LastWriteTime: 2014-11-22T05:27:25.705668500Z
452205c.2038: ChangeTime: 2014-11-22T05:27:25.705668500Z
453205c.2038: FileAttributes: 0x20
454205c.2038: Size: 0xfe310
455205c.2038: NT Headers: 0xe8
456205c.2038: Timestamp: 0x546f4916
457205c.2038: Machine: 0x8664 - amd64
458205c.2038: Timestamp: 0x546f4916
459205c.2038: Image Version: 6.0
460205c.2038: SizeOfImage: 0x102000 (1056768)
461205c.2038: Resource Dir: 0xfa000 LB 0x380
462205c.2038: ProductName: avast! Antivirus
463205c.2038: ProductVersion: 9.0.2021.539
464205c.2038: FileVersion: 9.0.2021.539
465205c.2038: FileDescription: avast! Virtualization Driver
466205c.2038: \SystemRoot\System32\drivers\aswsp.sys:
467205c.2038: CreationTime: 2013-01-30T14:27:37.456323300Z
468205c.2038: LastWriteTime: 2014-07-20T02:28:40.512536200Z
469205c.2038: ChangeTime: 2014-07-20T02:28:40.512536200Z
470205c.2038: FileAttributes: 0x20
471205c.2038: Size: 0x68560
472205c.2038: NT Headers: 0xf0
473205c.2038: Timestamp: 0x53b44384
474205c.2038: Machine: 0x8664 - amd64
475205c.2038: Timestamp: 0x53b44384
476205c.2038: Image Version: 6.0
477205c.2038: SizeOfImage: 0x6e000 (450560)
478205c.2038: Resource Dir: 0x6c000 LB 0x378
479205c.2038: ProductName: avast! Antivirus
480205c.2038: ProductVersion: 9.0.2021.522
481205c.2038: FileVersion: 9.0.2021.522
482205c.2038: FileDescription: avast! self protection module
483205c.2038: \SystemRoot\System32\drivers\aswStm.sys:
484205c.2038: CreationTime: 2014-01-10T12:26:58.386735800Z
485205c.2038: LastWriteTime: 2014-07-20T02:28:19.643737000Z
486205c.2038: ChangeTime: 2014-07-20T02:28:21.823269200Z
487205c.2038: FileAttributes: 0x20
488205c.2038: Size: 0x16768
489205c.2038: NT Headers: 0x108
490205c.2038: Timestamp: 0x53ac083d
491205c.2038: Machine: 0x8664 - amd64
492205c.2038: Timestamp: 0x53ac083d
493205c.2038: Image Version: 6.2
494205c.2038: SizeOfImage: 0x19000 (102400)
495205c.2038: Resource Dir: 0x17000 LB 0x358
496205c.2038: ProductName: avast! Antivirus
497205c.2038: ProductVersion: 9.0.2021.515
498205c.2038: FileVersion: 9.0.2021.515
499205c.2038: FileDescription: Stream Filter
500205c.2038: \SystemRoot\System32\drivers\aswVmm.sys:
501205c.2038: CreationTime: 2013-03-16T07:11:44.101083700Z
502205c.2038: LastWriteTime: 2014-07-20T02:28:19.278731400Z
503205c.2038: ChangeTime: 2014-07-20T02:28:21.823269200Z
504205c.2038: FileAttributes: 0x20
505205c.2038: Size: 0x36e80
506205c.2038: NT Headers: 0xf0
507205c.2038: Timestamp: 0x53ac0595
508205c.2038: Machine: 0x8664 - amd64
509205c.2038: Timestamp: 0x53ac0595
510205c.2038: Image Version: 6.0
511205c.2038: SizeOfImage: 0x39000 (233472)
512205c.2038: Resource Dir: 0x36000 LB 0x470
513205c.2038: ProductName: avast! Antivirus
514205c.2038: ProductVersion: 9.0.2021.515
515205c.2038: FileVersion: 9.0.2021.515
516205c.2038: SpecialBuild: feb2012
517205c.2038: PrivateBuild: 0SpecialBuild
518205c.2038: FileDescription: avast! VM Monitor
519205c.2038: Calling main()
520205c.2038: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
521205c.2038: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
522205c.2038: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
523205c.2038: SUPR3HardenedMain: Respawn #2
524205c.2038: supR3HardNtEnableThreadCreation:
525205c.2038: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
526205c.2038: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
527205c.2038: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
528205c.2038: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
529205c.2038: supR3HardenedDllNotificationCallback: load 000007fefd6d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
530205c.2038: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
531205c.2038: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6d0000 'C:\Windows\system32\apphelp.dll'
532205c.2038: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b3c340 pvNtTerminateThread=0000000077b617e0
533205c.2038: supR3HardenedWinDoReSpawn(2): New child 2334.d04 [kernel32].
534205c.2038: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
535205c.2038: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b10000 uNtDllChildAddr=0000000077b10000
536205c.2038: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b3c340
537205c.2038: supR3HardenedWinSetupChildInit: Start child.
538205c.2038: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
539205c.2038: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 56 sleeps
540205c.2038: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
541205c.2038: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
542205c.2038: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
543205c.2038: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
544205c.2038: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
545205c.2038: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
546205c.2038: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
547205c.2038: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
548205c.2038: 0000000000051000-fffffffffffe1fff 0x0001/0x0000 0x0000000
549205c.2038: *00000000000c0000-fffffffffffc3fff 0x0000/0x0004 0x0020000
550205c.2038: 00000000001bc000-00000000001b8fff 0x0104/0x0004 0x0020000
551205c.2038: 00000000001bf000-00000000001bdfff 0x0004/0x0004 0x0020000
552205c.2038: 00000000001c0000-ffffffff8886ffff 0x0001/0x0000 0x0000000
553205c.2038: *0000000077b10000-0000000077b0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
554205c.2038: 0000000077b11000-0000000077a0efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
555205c.2038: 0000000077c13000-0000000077be3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
556205c.2038: 0000000077c42000-0000000077c39fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
557205c.2038: 0000000077c4a000-0000000077c48fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
558205c.2038: 0000000077c4b000-0000000077c47fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
559205c.2038: 0000000077c4e000-0000000077be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
560205c.2038: 0000000077cb9000-0000000070991fff 0x0001/0x0000 0x0000000
561205c.2038: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
562205c.2038: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
563205c.2038: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
564205c.2038: 000000007fff0000-ffffffffc023ffff 0x0001/0x0000 0x0000000
565205c.2038: *000000013fda0000-000000013fd9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
566205c.2038: 000000013fda1000-000000013fd1cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
567205c.2038: 000000013fe25000-000000013fe23fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
568205c.2038: 000000013fe26000-000000013fde8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
569205c.2038: 000000013fe63000-000000013fe61fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
570205c.2038: 000000013fe64000-000000013fe62fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
571205c.2038: 000000013fe65000-000000013fe62fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
572205c.2038: 000000013fe67000-000000013fe65fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
573205c.2038: 000000013fe68000-000000013fe66fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
574205c.2038: 000000013fe69000-000000013fe64fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
575205c.2038: 000000013fe6d000-000000013fe33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
576205c.2038: 000000013fea6000-fffff8037ff1bfff 0x0001/0x0000 0x0000000
577205c.2038: *000007feffe30000-000007feffe2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
578205c.2038: 000007feffe31000-000007fdffcc1fff 0x0001/0x0000 0x0000000
579205c.2038: *000007fffffa0000-000007fffff6cfff 0x0002/0x0002 0x0040000
580205c.2038: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000
581205c.2038: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000
582205c.2038: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000
583205c.2038: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
584205c.2038: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
585205c.2038: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
586205c.2038: VirtualBox.exe: timestamp 0x5439147c (rc=VINF_SUCCESS)
587205c.2038: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
588205c.2038: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
589205c.2038: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
590205c.2038: supR3HardNtChildPurify: Done after 526 ms and 0 fixes (loop #0).
5912334.d04: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
5922334.d04: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b10000
593205c.2038: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000)
594205c.2038: supR3HardNtEnableThreadCreation:
5952334.d04: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
5962334.d04: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1740800 allocation)
5972334.d04: System32: \Device\HarddiskVolume2\Windows\System32
5982334.d04: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
5992334.d04: KnownDllPath: C:\Windows\system32
6002334.d04: supR3HardenedVmProcessInit: Opening vboxdrv...
6012334.d04: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6022334.d04: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6032334.d04: Registered Dll notification callback with NTDLL.
6042334.d04: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008]
6052334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
6062334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
6072334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6082334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6092334.d04: supR3HardenedDllNotificationCallback: load 00000000778f0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
6102334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6112334.d04: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
6122334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
6132334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
6142334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000778f0000 'C:\Windows\system32\kernel32.dll'
6152334.d04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b3c340 pvNtTerminateThread=0000000077b617e0
616205c.2038: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 30 ms.
6172334.d04: \SystemRoot\System32\ntdll.dll:
6182334.d04: CreationTime: 2013-10-28T14:31:18.569121400Z
6192334.d04: LastWriteTime: 2013-08-29T02:16:35.515578900Z
6202334.d04: ChangeTime: 2013-10-28T14:41:24.057904700Z
6212334.d04: FileAttributes: 0x20
6222334.d04: Size: 0x1a6dc0
6232334.d04: NT Headers: 0xe0
6242334.d04: Timestamp: 0x521eaf24
6252334.d04: Machine: 0x8664 - amd64
6262334.d04: Timestamp: 0x521eaf24
6272334.d04: Image Version: 6.1
6282334.d04: SizeOfImage: 0x1a9000 (1740800)
6292334.d04: Resource Dir: 0x151000 LB 0x560d8
6302334.d04: ProductName: Microsoft® Windows® Operating System
6312334.d04: ProductVersion: 6.1.7601.18247
6322334.d04: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
6332334.d04: FileDescription: NT Layer DLL
6342334.d04: \SystemRoot\System32\kernel32.dll:
6352334.d04: CreationTime: 2014-05-03T10:14:41.056671400Z
6362334.d04: LastWriteTime: 2014-03-04T09:44:00.336000000Z
6372334.d04: ChangeTime: 2014-05-03T11:24:01.371356000Z
6382334.d04: FileAttributes: 0x20
6392334.d04: Size: 0x11c000
6402334.d04: NT Headers: 0xe8
6412334.d04: Timestamp: 0x5315a059
6422334.d04: Machine: 0x8664 - amd64
6432334.d04: Timestamp: 0x5315a059
6442334.d04: Image Version: 6.1
6452334.d04: SizeOfImage: 0x11f000 (1175552)
6462334.d04: Resource Dir: 0x116000 LB 0x528
6472334.d04: ProductName: Microsoft® Windows® Operating System
6482334.d04: ProductVersion: 6.1.7601.18409
6492334.d04: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
6502334.d04: FileDescription: Windows NT BASE API Client DLL
6512334.d04: \SystemRoot\System32\KernelBase.dll:
6522334.d04: CreationTime: 2014-05-15T13:55:57.116361600Z
6532334.d04: LastWriteTime: 2014-03-04T09:44:00.336000000Z
6542334.d04: ChangeTime: 2014-05-15T14:13:34.435418800Z
6552334.d04: FileAttributes: 0x20
6562334.d04: Size: 0x67c00
6572334.d04: NT Headers: 0xe8
6582334.d04: Timestamp: 0x5315a05a
6592334.d04: Machine: 0x8664 - amd64
6602334.d04: Timestamp: 0x5315a05a
6612334.d04: Image Version: 6.1
6622334.d04: SizeOfImage: 0x6c000 (442368)
6632334.d04: Resource Dir: 0x6a000 LB 0x530
6642334.d04: ProductName: Microsoft® Windows® Operating System
6652334.d04: ProductVersion: 6.1.7601.18409
6662334.d04: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
6672334.d04: FileDescription: Windows NT BASE API Client DLL
6682334.d04: \SystemRoot\System32\apisetschema.dll:
6692334.d04: CreationTime: 2013-09-27T12:41:38.148499800Z
6702334.d04: LastWriteTime: 2013-08-02T02:12:20.275000000Z
6712334.d04: ChangeTime: 2013-09-27T13:02:25.378496900Z
6722334.d04: FileAttributes: 0x20
6732334.d04: Size: 0x1a00
6742334.d04: NT Headers: 0xc0
6752334.d04: Timestamp: 0x51fb15ca
6762334.d04: Machine: 0x8664 - amd64
6772334.d04: Timestamp: 0x51fb15ca
6782334.d04: Image Version: 6.1
6792334.d04: SizeOfImage: 0x50000 (327680)
6802334.d04: Resource Dir: 0x30000 LB 0x3f8
6812334.d04: ProductName: Microsoft® Windows® Operating System
6822334.d04: ProductVersion: 6.1.7601.18229
6832334.d04: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
6842334.d04: FileDescription: ApiSet Schema DLL
6852334.d04: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6862334.d04: supR3HardenedWinFindAdversaries: 0x4
6872334.d04: \SystemRoot\System32\drivers\aswHwid.sys:
6882334.d04: CreationTime: 2014-04-25T12:36:58.393861100Z
6892334.d04: LastWriteTime: 2014-07-20T02:28:18.591222800Z
6902334.d04: ChangeTime: 2014-07-20T02:28:21.823269200Z
6912334.d04: FileAttributes: 0x20
6922334.d04: Size: 0x7218
6932334.d04: NT Headers: 0xe8
6942334.d04: Timestamp: 0x53ac048e
6952334.d04: Machine: 0x8664 - amd64
6962334.d04: Timestamp: 0x53ac048e
6972334.d04: Image Version: 6.0
6982334.d04: SizeOfImage: 0xa000 (40960)
6992334.d04: Resource Dir: 0x8000 LB 0x460
7002334.d04: ProductName: avast! Antivirus
7012334.d04: ProductVersion: 9.0.2021.515
7022334.d04: FileVersion: 9.0.2021.515
7032334.d04: SpecialBuild: feb2012
7042334.d04: PrivateBuild: 0SpecialBuild
7052334.d04: FileDescription: avast! HWID
7062334.d04: \SystemRoot\System32\drivers\aswMonFlt.sys:
7072334.d04: CreationTime: 2013-01-30T14:27:27.441105800Z
7082334.d04: LastWriteTime: 2014-07-20T02:28:18.626223400Z
7092334.d04: ChangeTime: 2014-07-20T02:28:21.823269200Z
7102334.d04: FileAttributes: 0x20
7112334.d04: Size: 0x13550
7122334.d04: NT Headers: 0xe0
7132334.d04: Timestamp: 0x53ac04e3
7142334.d04: Machine: 0x8664 - amd64
7152334.d04: Timestamp: 0x53ac04e3
7162334.d04: Image Version: 6.0
7172334.d04: SizeOfImage: 0x22000 (139264)
7182334.d04: Resource Dir: 0x20000 LB 0x3b8
7192334.d04: ProductName: avast! Antivirus
7202334.d04: ProductVersion: 9.0.2021.515
7212334.d04: FileVersion: 9.0.2021.515
7222334.d04: FileDescription: avast! File System Minifilter for Windows 2003/Vista
7232334.d04: \SystemRoot\System32\drivers\aswRdr2.sys:
7242334.d04: CreationTime: 2013-01-30T14:27:36.598321800Z
7252334.d04: LastWriteTime: 2014-07-20T02:28:18.386220900Z
7262334.d04: ChangeTime: 2014-07-20T02:28:21.823269200Z
7272334.d04: FileAttributes: 0x20
7282334.d04: Size: 0x16d80
7292334.d04: NT Headers: 0xf0
7302334.d04: Timestamp: 0x53ac0508
7312334.d04: Machine: 0x8664 - amd64
7322334.d04: Timestamp: 0x53ac0508
7332334.d04: Image Version: 6.1
7342334.d04: SizeOfImage: 0x1a000 (106496)
7352334.d04: Resource Dir: 0x18000 LB 0x3a0
7362334.d04: ProductName: avast! Antivirus
7372334.d04: ProductVersion: 9.0.2021.515
7382334.d04: FileVersion: 9.0.2021.515 built by: WinDDK
7392334.d04: FileDescription: avast! WFP Redirect Driver
7402334.d04: \SystemRoot\System32\drivers\aswRvrt.sys:
7412334.d04: CreationTime: 2013-03-16T07:11:43.618878800Z
7422334.d04: LastWriteTime: 2014-07-20T02:28:18.661223900Z
7432334.d04: ChangeTime: 2014-07-20T02:28:21.823269200Z
7442334.d04: FileAttributes: 0x20
7452334.d04: Size: 0x100f0
7462334.d04: NT Headers: 0xf8
7472334.d04: Timestamp: 0x53ac058b
7482334.d04: Machine: 0x8664 - amd64
7492334.d04: Timestamp: 0x53ac058b
7502334.d04: Image Version: 6.0
7512334.d04: SizeOfImage: 0x13000 (77824)
7522334.d04: Resource Dir: 0x11000 LB 0x468
7532334.d04: ProductName: avast! Antivirus
7542334.d04: ProductVersion: 9.0.2021.515
7552334.d04: FileVersion: 9.0.2021.515
7562334.d04: SpecialBuild: feb2012
7572334.d04: PrivateBuild: 0SpecialBuild
7582334.d04: FileDescription: avast! Revert
7592334.d04: \SystemRoot\System32\drivers\aswSnx.sys:
7602334.d04: CreationTime: 2013-01-30T14:27:36.052320900Z
7612334.d04: LastWriteTime: 2014-11-22T05:27:25.705668500Z
7622334.d04: ChangeTime: 2014-11-22T05:27:25.705668500Z
7632334.d04: FileAttributes: 0x20
7642334.d04: Size: 0xfe310
7652334.d04: NT Headers: 0xe8
7662334.d04: Timestamp: 0x546f4916
7672334.d04: Machine: 0x8664 - amd64
7682334.d04: Timestamp: 0x546f4916
7692334.d04: Image Version: 6.0
7702334.d04: SizeOfImage: 0x102000 (1056768)
7712334.d04: Resource Dir: 0xfa000 LB 0x380
7722334.d04: ProductName: avast! Antivirus
7732334.d04: ProductVersion: 9.0.2021.539
7742334.d04: FileVersion: 9.0.2021.539
7752334.d04: FileDescription: avast! Virtualization Driver
7762334.d04: \SystemRoot\System32\drivers\aswsp.sys:
7772334.d04: CreationTime: 2013-01-30T14:27:37.456323300Z
7782334.d04: LastWriteTime: 2014-07-20T02:28:40.512536200Z
7792334.d04: ChangeTime: 2014-07-20T02:28:40.512536200Z
7802334.d04: FileAttributes: 0x20
7812334.d04: Size: 0x68560
7822334.d04: NT Headers: 0xf0
7832334.d04: Timestamp: 0x53b44384
7842334.d04: Machine: 0x8664 - amd64
7852334.d04: Timestamp: 0x53b44384
7862334.d04: Image Version: 6.0
7872334.d04: SizeOfImage: 0x6e000 (450560)
7882334.d04: Resource Dir: 0x6c000 LB 0x378
7892334.d04: ProductName: avast! Antivirus
7902334.d04: ProductVersion: 9.0.2021.522
7912334.d04: FileVersion: 9.0.2021.522
7922334.d04: FileDescription: avast! self protection module
7932334.d04: \SystemRoot\System32\drivers\aswStm.sys:
7942334.d04: CreationTime: 2014-01-10T12:26:58.386735800Z
7952334.d04: LastWriteTime: 2014-07-20T02:28:19.643737000Z
7962334.d04: ChangeTime: 2014-07-20T02:28:21.823269200Z
7972334.d04: FileAttributes: 0x20
7982334.d04: Size: 0x16768
7992334.d04: NT Headers: 0x108
8002334.d04: Timestamp: 0x53ac083d
8012334.d04: Machine: 0x8664 - amd64
8022334.d04: Timestamp: 0x53ac083d
8032334.d04: Image Version: 6.2
8042334.d04: SizeOfImage: 0x19000 (102400)
8052334.d04: Resource Dir: 0x17000 LB 0x358
8062334.d04: ProductName: avast! Antivirus
8072334.d04: ProductVersion: 9.0.2021.515
8082334.d04: FileVersion: 9.0.2021.515
8092334.d04: FileDescription: Stream Filter
8102334.d04: \SystemRoot\System32\drivers\aswVmm.sys:
8112334.d04: CreationTime: 2013-03-16T07:11:44.101083700Z
8122334.d04: LastWriteTime: 2014-07-20T02:28:19.278731400Z
8132334.d04: ChangeTime: 2014-07-20T02:28:21.823269200Z
8142334.d04: FileAttributes: 0x20
8152334.d04: Size: 0x36e80
8162334.d04: NT Headers: 0xf0
8172334.d04: Timestamp: 0x53ac0595
8182334.d04: Machine: 0x8664 - amd64
8192334.d04: Timestamp: 0x53ac0595
8202334.d04: Image Version: 6.0
8212334.d04: SizeOfImage: 0x39000 (233472)
8222334.d04: Resource Dir: 0x36000 LB 0x470
8232334.d04: ProductName: avast! Antivirus
8242334.d04: ProductVersion: 9.0.2021.515
8252334.d04: FileVersion: 9.0.2021.515
8262334.d04: SpecialBuild: feb2012
8272334.d04: PrivateBuild: 0SpecialBuild
8282334.d04: FileDescription: avast! VM Monitor
8292334.d04: Calling main()
8302334.d04: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8312334.d04: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8322334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8332334.d04: SUPR3HardenedMain: Final process, opening VBoxDrv...
8342334.d04: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002c0000 LB 0x400000)
8352334.d04: supR3HardNtEnableThreadCreation:
8362334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
8372334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
8382334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000713be0:C:\Windows\system32 [calling]
8392334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8402334.d04: supR3HardenedDllNotificationCallback: load 000007fefb340000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8412334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8422334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8432334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
8442334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8452334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8462334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
8472334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8482334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8492334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8502334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
8512334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
8522334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
8532334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
8542334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
8552334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8562334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8572334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
8582334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8592334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8602334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8612334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
8622334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
8632334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8642334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8652334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8662334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
8672334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
8682334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8692334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8702334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8712334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
8722334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
8732334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8742334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8752334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8762334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8772334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8782334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8792334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000713be0:C:\Windows\system32 [calling]
8802334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8812334.d04: supR3HardenedDllNotificationCallback: load 000007fefdc30000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
8822334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8832334.d04: supR3HardenedDllNotificationCallback: load 000007fefe7f0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
8842334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8852334.d04: supR3HardenedDllNotificationCallback: load 000007fefdac0000 LB 0x0016c000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
8862334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8872334.d04: supR3HardenedDllNotificationCallback: load 000007fefd8e0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
8882334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8892334.d04: supR3HardenedDllNotificationCallback: load 000007fefdd80000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
8902334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8912334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc30000 'C:\Windows\system32\Wintrust.dll'
8922334.d04: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
8932334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
8942334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
8952334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
8962334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8972334.d04: supR3HardenedDllNotificationCallback: load 000007fefd0d0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
8982334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8992334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\Windows\system32\CRYPTSP.dll'
9002334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9012334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
9022334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9032334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9042334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9052334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9062334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
9072334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9082334.d04: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
9092334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9102334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\rsaenh.dll'
9112334.d04: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
9122334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9132334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
9142334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
9152334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
9162334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9172334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9182334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9192334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9202334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9212334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9222334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
9232334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9242334.d04: supR3HardenedDllNotificationCallback: load 000007fefdf30000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
9252334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9262334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9272334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
9282334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
9292334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
9302334.d04: supR3HardenedDllNotificationCallback: load 000007fefe4f0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
9312334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9322334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf30000 'C:\Windows\system32\ADVAPI32.dll'
9332334.d04: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\Windows\system32\CRYPTBASE.dll' [rcNt=0xc0150008]
9342334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
9352334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
9362334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9372334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9382334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9392334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9402334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9412334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9422334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
9432334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9442334.d04: supR3HardenedDllNotificationCallback: load 000007fefd730000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
9452334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9462334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd730000 'C:\Windows\system32\CRYPTBASE.dll'
9472334.d04: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008]
9482334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9492334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
9502334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000778f0000 'C:\Windows\system32\kernel32.dll'
9512334.d04: supR3HardenedMonitor_LdrLoadDll: 'WINTRUST.DLL' -> 'C:\Windows\system32\WINTRUST.DLL' [rcNt=0xc0150008]
9522334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9532334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
9542334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc30000 'C:\Windows\system32\WINTRUST.DLL'
9552334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9562334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
9572334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdac0000 'C:\Windows\system32\CRYPT32.dll'
9582334.d04: supR3HardenedMonitor_LdrLoadDll: 'imagehlp.dll' -> 'C:\Windows\system32\imagehlp.dll' [rcNt=0xc0150008]
9592334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9602334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
9612334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
9622334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
9632334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9642334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9652334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9662334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9672334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9682334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9692334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
9702334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9712334.d04: supR3HardenedDllNotificationCallback: load 000007fefe510000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
9722334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9732334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe510000 'C:\Windows\system32\imagehlp.dll'
9742334.d04: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
9752334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9762334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
9772334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\Windows\system32\CRYPTSP.dll'
9782334.d04: supR3HardenedMonitor_LdrLoadDll: 'USER32.dll' -> 'C:\Windows\system32\USER32.dll' [rcNt=0xc0150008]
9792334.d04: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is administrators group.
9802334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9812334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
9822334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
9832334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9842334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9852334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
9862334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
9872334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
9882334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
9892334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
9902334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
9912334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
9922334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9932334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
9942334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
9952334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
9962334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9972334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9982334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9992334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
10002334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
10012334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10022334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
10032334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
10042334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
10052334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
10062334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10072334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10082334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10092334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10102334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10112334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10122334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10132334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10142334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10152334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10162334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10172334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10182334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10192334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10202334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10212334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
10222334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10232334.d04: supR3HardenedDllNotificationCallback: load 0000000077a10000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
10242334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10252334.d04: supR3HardenedDllNotificationCallback: load 000007fefe780000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
10262334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10272334.d04: supR3HardenedDllNotificationCallback: load 000007fefebc0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
10282334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
10292334.d04: supR3HardenedDllNotificationCallback: load 000007fefe230000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
10302334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
10312334.d04: supR3HardenedMonitor_LdrLoadDll: 'gdi32.dll' -> 'C:\Windows\system32\gdi32.dll' [rcNt=0xc0150008]
10322334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10332334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
10342334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe780000 'C:\Windows\system32\gdi32.dll'
10352334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
10362334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
10372334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
10382334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
10392334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
10402334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
10412334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
10422334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10432334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
10442334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
10452334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
10462334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
10472334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
10482334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10492334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10502334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10512334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10522334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10532334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10542334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
10552334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
10562334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
10572334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10582334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10592334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10602334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10612334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10622334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10632334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10642334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10652334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10662334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
10672334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
10682334.d04: supR3HardenedDllNotificationCallback: load 000007fefe070000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
10692334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
10702334.d04: supR3HardenedDllNotificationCallback: load 000007fefe3e0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
10712334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
10722334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe070000 'C:\Windows\system32\IMM32.DLL'
10732334.d04: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Security : Owner is administrators group.
10742334.d04: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume2\Program Files\Agnitum\Outpost Security 潎敮漠⁦桴⁥‱慰桴猨

1075慨敶愠琠畲瑳愠据潨⹲›䑜癥捩履慈摲楤歳潖畬敭尲牐杯慲楆敬屳杁楮畴屭畏灴獯⁴敓畣楲祴躽闦ꂼ臢뒡臢놀藦뒡賧ꦀ藦뚕蓦ꂐ闧뎑蓦꺍뷦늹胢º)
10762334.d04: Error (rc=0):
10772334.d04: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Security 潎敮漠⁦桴⁥‱慰桴猨

1078慨敶愠琠畲瑳愠据潨⹲›䑜癥捩履慈摲楤歳潖畬敭尲牐杯慲楆敬屳杁楮畴屭畏灴獯⁴敓畣楲祴躽闦ꂼ臢뒡臢놀藦뒡賧ꦀ藦뚕蓦ꂐ闧뎑蓦꺍뷦늹胢º: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Security 潎敮漠⁦桴⁥‱慰桴猨

1079慨敶愠琠畲瑳愠据潨⹲›
10802334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Security 潎敮漠⁦桴⁥‱慰桴猨

1081慨敶愠琠畲瑳愠据潨⹲›䑜癥捩履慈摲楤歳潖畬敭尲牐杯慲楆敬屳杁楮畴屭畏灴獯⁴敓畣楲祴躽闦ꂼ臢뒡臢놀藦뒡賧ꦀ藦뚕蓦ꂐ闧뎑蓦꺍뷦늹胢º
10822334.d04: Error (rc=0):
10832334.d04: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll': rcNt=0xc0000190
10842334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll'
10852334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a10000 'C:\Windows\system32\USER32.dll'
10862334.d04: supR3HardenedMonitor_LdrLoadDll: 'ncrypt.dll' -> 'C:\Windows\system32\ncrypt.dll' [rcNt=0xc0150008]
10872334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
10882334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10892334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
10902334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
10912334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
10922334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10932334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10942334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10952334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10962334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10972334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10982334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10992334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11002334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
11012334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
11022334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11032334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
11042334.d04: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
11052334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
11062334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11072334.d04: supR3HardenedDllNotificationCallback: load 000007fefd0f0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
11082334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11092334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\ncrypt.dll'
11102334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11112334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
11122334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
11132334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
11142334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11152334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11162334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11172334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11182334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11192334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11202334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11212334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11222334.d04: supR3HardenedDllNotificationCallback: load 000007fefcd10000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
11232334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11242334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd10000 'C:\Windows\system32\bcryptprimitives.dll'
11252334.d04: supR3HardenedMonitor_LdrLoadDll: 'bcrypt.dll' -> 'C:\Windows\system32\bcrypt.dll' [rcNt=0xc0150008]
11262334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11272334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11282334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0f0000 'C:\Windows\system32\bcrypt.dll'
11292334.d04: supR3HardenedMonitor_LdrLoadDll: 'USERENV.dll' -> 'C:\Windows\system32\USERENV.dll' [rcNt=0xc0150008]
11302334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11312334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11322334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
11332334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
11342334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
11352334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
11362334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
11372334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11382334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
11392334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
11402334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11412334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11422334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11432334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11442334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11452334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11462334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11472334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11482334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11492334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11502334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
11512334.d04: supR3HardenedDllNotificationCallback: load 000007fefdaa0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
11522334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
11532334.d04: supR3HardenedDllNotificationCallback: load 000007fefd8d0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
11542334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
11552334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\USERENV.dll'
11562334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11572334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11582334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11592334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11602334.d04: supR3HardenedMonitor_LdrLoadDll: 'GPAPI.dll' -> 'C:\Windows\system32\GPAPI.dll' [rcNt=0xc0150008]
11612334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11622334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
11632334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
11642334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
11652334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11662334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11672334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11682334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11692334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11702334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11712334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11722334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11732334.d04: supR3HardenedDllNotificationCallback: load 000007fefcb90000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
11742334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11752334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb90000 'C:\Windows\system32\GPAPI.dll'
11762334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11772334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
11782334.d04: supR3HardenedMonitor_LdrLoadDll: 'rpcrt4.dll' -> 'C:\Windows\system32\rpcrt4.dll' [rcNt=0xc0150008]
11792334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11802334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11812334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd80000 'C:\Windows\system32\rpcrt4.dll'
11822334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11832334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
11842334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
11852334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11862334.d04: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008]
11872334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11882334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
11892334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
11902334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
11912334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
11922334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
11932334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
11942334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
11952334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11962334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
11972334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
11982334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
11992334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12002334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12012334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12022334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12032334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12042334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12052334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12062334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12072334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12082334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12092334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12102334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12112334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12122334.d04: supR3HardenedDllNotificationCallback: load 000007fefa250000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
12132334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12142334.d04: supR3HardenedDllNotificationCallback: load 000007fefe010000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
12152334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
12162334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12172334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12182334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12192334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12202334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12212334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12222334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12232334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12242334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12252334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12262334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12272334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12282334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12292334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12302334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12312334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12322334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12332334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12342334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12352334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12362334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12372334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12382334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12392334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12402334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12412334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12422334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12432334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12442334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12452334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12462334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12472334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12482334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12492334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12502334.d04: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008]
12512334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12522334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12532334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa250000 'C:\Windows\system32\cryptnet.dll'
12542334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12552334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12562334.d04: supR3HardenedMonitor_LdrLoadDll: 'profapi.dll' -> 'C:\Windows\system32\profapi.dll' [rcNt=0xc0150008]
12572334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
12582334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12592334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8d0000 'C:\Windows\system32\profapi.dll'
12602334.d04: supR3HardenedMonitor_LdrLoadDll: 'SHLWAPI.dll' -> 'C:\Windows\system32\SHLWAPI.dll' [rcNt=0xc0150008]
12612334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
12622334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12632334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12642334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
12652334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
12662334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12672334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12682334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12692334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12702334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12712334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12722334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12732334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12742334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12752334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12762334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
12772334.d04: supR3HardenedDllNotificationCallback: load 000007fefeb40000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
12782334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
12792334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb40000 'C:\Windows\system32\SHLWAPI.dll'
12802334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
12812334.d04: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000755070
12822334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
12832334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
12842334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12852334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12862334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12872334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
12882334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12892334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
12902334.d04: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
12912334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12922334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12932334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf30000 'C:\Windows\system32\ADVAPI32.dll'
12942334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12952334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
12962334.d04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
12972334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
12982334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
12992334.d04: g_pfnWinVerifyTrust=000007fefdc31010
13002334.d04: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
13012334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
13022334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13032334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13042334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF258E1DA85AD69891395F6F7501E1D54F2DFED8
13052334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB2868626~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13062334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13072334.d04: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13082334.d04: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
13092334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
13102334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13112334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13122334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
13132334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13142334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13152334.d04: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13162334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13172334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13182334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13192334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
13202334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
13212334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13222334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
13232334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
13242334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13252334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13262334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
13272334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
13282334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13292334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
13302334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
13312334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13322334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13332334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
13342334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
13352334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13362334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
13372334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000264 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
13382334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13392334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13402334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
13412334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
13422334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13432334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
13442334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
13452334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13462334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13472334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
13482334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
13492334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13502334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
13512334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
13522334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13532334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13542334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
13552334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
13562334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13572334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
13582334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
13592334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
13602334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13612334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13622334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
13632334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
13642334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13652334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
13662334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
13672334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13682334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13692334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D68DA0EBD4E0AA6C401CF7C54CEA904099DD3933
13702334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB2992611~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
13712334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13722334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
13732334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
13742334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13752334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13762334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
13772334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
13782334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13792334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
13802334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
13812334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13822334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13832334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
13842334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
13852334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13862334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
13872334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
13882334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13892334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13902334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
13912334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
13922334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13932334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
13942334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
13952334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
13962334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
13972334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
13982334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
13992334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14002334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
14012334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
14022334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14032334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14042334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
14052334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
14062334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14072334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
14082334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000168 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
14092334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14102334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14112334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
14122334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
14132334.d04: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000755070
14142334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14152334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
14162334.d04: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
14172334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
14182334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
14192334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000164 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
14202334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14212334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14222334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
14232334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
14242334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14252334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
14262334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
14272334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14282334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14292334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
14302334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
14312334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14322334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
14332334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
14342334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14352334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14362334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
14372334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
14382334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14392334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
14402334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
14412334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14422334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14432334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
14442334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
14452334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14462334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
14472334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
14482334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
14492334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14502334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14512334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
14522334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
14532334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14542334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
14552334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14562334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14572334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14582334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
14592334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
14602334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14612334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
14622334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
14632334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14642334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14652334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
14662334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
14672334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14682334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
14692334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
14702334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14712334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14722334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
14732334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
14742334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14752334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
14762334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
14772334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
14782334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14792334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14802334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
14812334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
14822334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14832334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
14842334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
14852334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
14862334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
14872334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
14882334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
14892334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14902334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
14912334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
14922334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=00000000007c0d50:C:\Windows\system32 [calling]
14932334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdac0000 'C:\Windows\system32\crypt32.dll'
14942334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x873c3812e853de00 OU=generated by avast! antivirus for SSL scanning, O=avast! Mail Scanner, CN=avast! Mail Scanner Root
14952334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
14962334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
14972334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
14982334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
14992334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
15002334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
15012334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
15022334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
15032334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
15042334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
15052334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
15062334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
15072334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
15082334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
15092334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xbab415bd1e249800 C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
15102334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
15112334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
15122334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
15132334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
15142334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
15152334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
15162334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
15172334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
15182334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15192334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
15202334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
15212334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
15222334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15232334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
15242334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
15252334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
15262334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
15272334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
15282334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15292334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
15302334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
15312334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
15322334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
15332334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
15342334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
15352334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
15362334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
15372334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
15382334.d04: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
15392334.d04: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=45
15402334.d04: SUPR3HardenedMain: Load Runtime...
15412334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15422334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
15432334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
15442334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
15452334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
15462334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15472334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15482334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15492334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15502334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15512334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15522334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000041c pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15532334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
15542334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
15552334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
15562334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
15572334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15582334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15592334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
15602334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
15612334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
15622334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15632334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15642334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15652334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15662334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
15672334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15682334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15692334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15702334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
15712334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15722334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15732334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15742334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15752334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
15762334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
15772334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000154 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
15782334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
15792334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
15802334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
15812334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
15822334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15832334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
15842334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
15852334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15862334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15872334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15882334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15892334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15902334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
15912334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
15922334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15932334.d04: supR3HardenedDllNotificationCallback: load 000007feed960000 LB 0x0052f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
15942334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15952334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15962334.d04: supR3HardenedDllNotificationCallback: load 0000000073ee0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
15972334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15982334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15992334.d04: supR3HardenedDllNotificationCallback: load 0000000071e40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
16002334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16012334.d04: supR3HardenedDllNotificationCallback: load 000007fefdc90000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
16022334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
16032334.d04: supR3HardenedDllNotificationCallback: load 000007feffe10000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
16042334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
16052334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16062334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16072334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16082334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16092334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16102334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16112334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16122334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16132334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16142334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16152334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16162334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16172334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16182334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16192334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16202334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16212334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16222334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16232334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16242334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16252334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16262334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16272334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16282334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16292334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16302334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16312334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16322334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16332334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16342334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16352334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16362334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16372334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16382334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16392334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16402334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16412334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16422334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16432334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16442334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16452334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16462334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16472334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16482334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16492334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16502334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16512334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16522334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16532334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16542334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16552334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16562334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16572334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16582334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16592334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16602334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16612334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16622334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16632334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16642334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16652334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16662334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16672334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16682334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16692334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16702334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16712334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16722334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16732334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16742334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16752334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16762334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16772334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16782334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16792334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16802334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16812334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16822334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16832334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16842334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16852334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16862334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16872334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16882334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16892334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16902334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16912334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16922334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16932334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16942334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16952334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16962334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
16972334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16982334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16992334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000713fe0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
17002334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17012334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17022334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
17032334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000599570:C:\Windows\system32 [calling]
17042334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc30000 'C:\Windows\system32\Wintrust.dll'
17052334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
17062334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000599570:C:\Windows\system32 [calling]
17072334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdac0000 'C:\Windows\system32\crypt32.dll'
17082334.d04: SUPR3HardenedMain: Load TrustedMain...
17092334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
17102334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17112334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
17122334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
17132334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
17142334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
17152334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
17162334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
17172334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
17182334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
17192334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
17202334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
17212334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
17222334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
17232334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
17242334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
17252334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
17262334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17272334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
17282334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
17292334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
17302334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
17312334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
17322334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
17332334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
17342334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17352334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17362334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17372334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
17382334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
17392334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
17402334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
17412334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
17422334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
17432334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
17442334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
17452334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
17462334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17472334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17482334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
17492334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17502334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
17512334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
17522334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
17532334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
17542334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
17552334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17562334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17572334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17582334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
17592334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
17602334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59C9A3379D97CB80EFB9D9152AF4E0240DDF8B29
17612334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3006226~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
17622334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17632334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17642334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17652334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17662334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17672334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
17682334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
17692334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17702334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17712334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17722334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
17732334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
17742334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
17752334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
17762334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
17772334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17782334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17792334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
17802334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
17812334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17822334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
17832334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
17842334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17852334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17862334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
17872334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
17882334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
17892334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D11B9B481EE916E64C94F8ECA71C2995A2999B7
17902334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2980245~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
17912334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17922334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17932334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
17942334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
17952334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
17962334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
17972334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
17982334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17992334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18002334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
18012334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18022334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18032334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
18042334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18052334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18062334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
18072334.d04: Error (rc=0):
18082334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=1 \Device\HarddiskVolume2\Windows\System32\user32.dll
18092334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
18102334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
18112334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
18122334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
18132334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18142334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
18152334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
18162334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
18172334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
18182334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
18192334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
18202334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
18212334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
18222334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
18232334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
18242334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
18252334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
18262334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
18272334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
18282334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18292334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
18302334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
18312334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
18322334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
18332334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
18342334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
18352334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18362334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
18372334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
18382334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
18392334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
18402334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
18412334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
18422334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18432334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18442334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18452334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18462334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
18472334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18482334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
18492334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
18502334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
18512334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
18522334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18532334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18542334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18552334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18562334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18572334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18582334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18592334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18602334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18612334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
18622334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18632334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18642334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
18652334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
18662334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
18672334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
18682334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
18692334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18702334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18712334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18722334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
18732334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
18742334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
18752334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18762334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
18772334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18782334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18792334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18802334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
18812334.d04: Error (rc=0):
18822334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=2 \Device\HarddiskVolume2\Windows\System32\user32.dll
18832334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
18842334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
18852334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
18862334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
18872334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
18882334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
18892334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
18902334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18912334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18922334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18932334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
18942334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
18952334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
18962334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
18972334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
18982334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18992334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
19002334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
19012334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
19022334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
19032334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
19042334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
19052334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
19062334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19072334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19082334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
19092334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19102334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
19112334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
19122334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19132334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19142334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
19152334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19162334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19172334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19182334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19192334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19202334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
19212334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19222334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19232334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19242334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19252334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19262334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
19272334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19282334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19292334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19302334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19312334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19322334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19332334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19342334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19352334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19362334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19372334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19382334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
19392334.d04: Error (rc=0):
19402334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=3 \Device\HarddiskVolume2\Windows\System32\user32.dll
19412334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19422334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19432334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19442334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19452334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19462334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
19472334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19482334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19492334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
19502334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19512334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19522334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19532334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19542334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19552334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19562334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19572334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19582334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
19592334.d04: Error (rc=0):
19602334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=4 \Device\HarddiskVolume2\Windows\System32\user32.dll
19612334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19622334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19632334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19642334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
19652334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
19662334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
19672334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
19682334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
19692334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
19702334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
19712334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19722334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19732334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
19742334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19752334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
19762334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
19772334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19782334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19792334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19802334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19812334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19822334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
19832334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19842334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19852334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19862334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
19872334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
19882334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
19892334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19902334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19912334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
19922334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19932334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19942334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19952334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19962334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19972334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
19982334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19992334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20002334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20012334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20022334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20032334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
20042334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
20052334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
20062334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20072334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
20082334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
20092334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
20102334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20112334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20122334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20132334.d04: Error (rc=0):
20142334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=5 \Device\HarddiskVolume2\Windows\System32\user32.dll
20152334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20162334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20172334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20182334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20192334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20202334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
20212334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20222334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20232334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20242334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20252334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20262334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20272334.d04: Error (rc=0):
20282334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=6 \Device\HarddiskVolume2\Windows\System32\user32.dll
20292334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20302334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20312334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20322334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20332334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20342334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20352334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20362334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20372334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
20382334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20392334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20402334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20412334.d04: Error (rc=0):
20422334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=7 \Device\HarddiskVolume2\Windows\System32\user32.dll
20432334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20442334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20452334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20462334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20472334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20482334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20492334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20502334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20512334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20522334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20532334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20542334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20552334.d04: Error (rc=0):
20562334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=8 \Device\HarddiskVolume2\Windows\System32\user32.dll
20572334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20582334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20592334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
20602334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20612334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20622334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20632334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20642334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20652334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20662334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20672334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20682334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20692334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
20702334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
20712334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
20722334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
20732334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
20742334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
20752334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
20762334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20772334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20782334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20792334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20802334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
20812334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
20822334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20832334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20842334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20852334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20862334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20872334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20882334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20892334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20902334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20912334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20922334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20932334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20942334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20952334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20962334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20972334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20982334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20992334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21002334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21012334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21022334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21032334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21042334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21052334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
21062334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21072334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21082334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
21092334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21102334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21112334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21122334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21132334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21142334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
21152334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21162334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21172334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21182334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21192334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21202334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21212334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
21222334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
21232334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21242334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21252334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21262334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21272334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
21282334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
21292334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
21302334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
21312334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
21322334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
21332334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
21342334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21352334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21362334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
21372334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21382334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
21392334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
21402334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
21412334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
21422334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
21432334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
21442334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
21452334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
21462334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
21472334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21482334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
21492334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
21502334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
21512334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21522334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
21532334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
21542334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
21552334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
21562334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
21572334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21582334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21592334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
21602334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
21612334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
21622334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
21632334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
21642334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
21652334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
21662334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
21672334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21682334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21692334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
21702334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21712334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
21722334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
21732334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21742334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21752334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21762334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21772334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21782334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21792334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21802334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21812334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21822334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21832334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21842334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
21852334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21862334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21872334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21882334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
21892334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
21902334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
21912334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
21922334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
21932334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
21942334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
21952334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21962334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21972334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
21982334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
21992334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
22002334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22012334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22022334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22032334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22042334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22052334.d04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
22062334.d04: Error (rc=0):
22072334.d04: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cErrorHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
22082334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22092334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22102334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
22112334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22122334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22132334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
22142334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22152334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22162334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
22172334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22182334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22192334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
22202334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
22212334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
22222334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
22232334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
22242334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22252334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22262334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
22272334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
22282334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
22292334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
22302334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22312334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22322334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22332334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22342334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
22352334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22362334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22372334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
22382334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22392334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22402334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
22412334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22422334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22432334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
22442334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22452334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22462334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
22472334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22482334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22492334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
22502334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22512334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22522334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
22532334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22542334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
22552334.d04: supR3HardenedDllNotificationCallback: load 000007fee9210000 LB 0x00872000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
22562334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
22572334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22582334.d04: supR3HardenedDllNotificationCallback: load 000007fef3b40000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
22592334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22602334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
22612334.d04: supR3HardenedDllNotificationCallback: load 000007fef5b90000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
22622334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
22632334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
22642334.d04: supR3HardenedDllNotificationCallback: load 000007fef3c80000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
22652334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
22662334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
22672334.d04: supR3HardenedDllNotificationCallback: load 000007fefac00000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
22682334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
22692334.d04: supR3HardenedDllNotificationCallback: load 000007fefeea0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
22702334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
22712334.d04: supR3HardenedDllNotificationCallback: load 000007fefda60000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
22722334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
22732334.d04: supR3HardenedDllNotificationCallback: load 000007fefe300000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
22742334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22752334.d04: supR3HardenedDllNotificationCallback: load 000007fefe930000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
22762334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22772334.d04: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
22782334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
22792334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
22802334.d04: supR3HardenedDllNotificationCallback: load 000007fefba70000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
22812334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
22822334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
22832334.d04: supR3HardenedDllNotificationCallback: load 0000000068ca0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
22842334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
22852334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
22862334.d04: supR3HardenedDllNotificationCallback: load 000000005fad0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
22872334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
22882334.d04: supR3HardenedDllNotificationCallback: load 000007fefdce0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
22892334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
22902334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
22912334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
22922334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22932334.d04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
22942334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
22952334.d04: supR3HardenedDllNotificationCallback: load 000007fef7b70000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
22962334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
22972334.d04: supR3HardenedDllNotificationCallback: load 000007feff080000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
22982334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22992334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
23002334.d04: supR3HardenedDllNotificationCallback: load 000007fef5bc0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
23012334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
23022334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
23032334.d04: supR3HardenedDllNotificationCallback: load 000007fef7c70000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
23042334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
23052334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
23062334.d04: supR3HardenedDllNotificationCallback: load 000000006a220000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
23072334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
23082334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
23092334.d04: supR3HardenedDllNotificationCallback: load 000000006a140000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
23102334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
23112334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
23122334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
23132334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
23142334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
23152334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
23162334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23172334.d04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
23182334.d04: supR3HardenedMonitor_LdrLoadDll: 'imm32.dll' -> 'C:\Windows\system32\imm32.dll' [rcNt=0xc0150008]
23192334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
23202334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23212334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23222334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23232334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23242334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
23252334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23262334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23272334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
23282334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll *pfFlags=0x0 pwszSearchPath=0000000000786280:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23292334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe070000 'C:\Windows\system32\imm32.dll'
23302334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9210000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
23312334.d04: SUPR3HardenedMain: Calling TrustedMain (000007fee9211ca0)...
23322334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
23332334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23342334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5bc0000 'C:\Windows\system32\winmm.dll'
23352334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000564 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23362334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
23372334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
23382334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
23392334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
23402334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23412334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23422334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23432334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
23442334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
23452334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23462334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23472334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23482334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
23492334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23502334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23512334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23522334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23532334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
23542334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000615a60:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23552334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23562334.d04: supR3HardenedDllNotificationCallback: load 000007fefbe50000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
23572334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23582334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
23592334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23602334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000615a60:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23612334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
23622334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23632334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=00000000006159b0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23642334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
23652334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23662334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=00000000006159b0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23672334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
23682334.d04: supR3HardenedMonitor_LdrLoadDll: 'dwmapi.dll' -> 'C:\Windows\system32\dwmapi.dll' [rcNt=0xc0150008]
23692334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
23702334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23712334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba70000 'C:\Windows\system32\dwmapi.dll'
23722334.d04: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\Windows\system32\CRYPTBASE.dll' [rcNt=0xc0150008]
23732334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
23742334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23752334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd730000 'C:\Windows\system32\CRYPTBASE.dll'
23762334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
23772334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23782334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff080000 'C:\Windows\system32\shell32.dll'
23792334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
23802334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23812334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000778f0000 'C:\Windows\system32\kernel32.dll'
23822334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23832334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23842334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
23852334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23862334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23872334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
23882334.d04: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll)
23892334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23902334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
23912334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23922334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23932334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
23942334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
23952334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23962334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf30000 'C:\Windows\system32\advapi32.dll'
23972334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
23982334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23992334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\userenv.dll'
24002334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
24012334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24022334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000778f0000 'C:\Windows\system32\kernel32.dll'
24032334.d04: supR3HardenedMonitor_LdrLoadDll: 'CLBCatQ.DLL' -> 'C:\Windows\system32\CLBCatQ.DLL' [rcNt=0xc0150008]
24042334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005b8 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
24052334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
24062334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
24072334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
24082334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
24092334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24102334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24112334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
24122334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24132334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24142334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24152334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
24162334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
24172334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
24182334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24192334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24202334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
24212334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24222334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24232334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24242334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24252334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24262334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
24272334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24282334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24292334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24302334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24312334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24322334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24332334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24342334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
24352334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL *pfFlags=0x0 pwszSearchPath=0000000000786040:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24362334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
24372334.d04: supR3HardenedDllNotificationCallback: load 000007fefe890000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
24382334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
24392334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe890000 'C:\Windows\system32\CLBCatQ.DLL'
24402334.d04: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
24412334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
24422334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000786670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24432334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf30000 'C:\Windows\system32\ADVAPI32.dll'
24442334.d04: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
24452334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
24462334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=0000000000786550:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24472334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\Windows\system32\CRYPTSP.dll'
24482334.d04: supR3HardenedMonitor_LdrLoadDll: 'RpcRtRemote.dll' -> 'C:\Windows\system32\RpcRtRemote.dll' [rcNt=0xc0150008]
24492334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d8 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
24502334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
24512334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
24522334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
24532334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
24542334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24552334.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
24562334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
24572334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
24582334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24592334.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24602334.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
24612334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll *pfFlags=0x0 pwszSearchPath=0000000000786550:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24622334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
24632334.d04: supR3HardenedDllNotificationCallback: load 000007fefd780000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
24642334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
24652334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\RpcRtRemote.dll'
24662334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24672334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll *pfFlags=0x0 pwszSearchPath=00000000006159b0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24682334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'C:\Windows\system32\oleaut32.dll'
24692334.d04: supR3HardenedMonitor_LdrLoadDll: 'SXS.DLL' -> 'C:\Windows\system32\SXS.DLL' [rcNt=0xc0150008]
24702334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
24712334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
24722334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
24732334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
24742334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
24752334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24762334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)WinVerifyTrust
24772334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
24782334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL *pfFlags=0x0 pwszSearchPath=00000000007868b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24792334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
24802334.d04: supR3HardenedDllNotificationCallback: load 000007fefd7a0000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
24812334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
24822334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7a0000 'C:\Windows\system32\SXS.DLL'
24832334.d04: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
24842334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
24852334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000007868b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24862334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf30000 'C:\Windows\system32\ADVAPI32.dll'
24872334.d04: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008]
24882334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24892334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=0000000000786dc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24902334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'C:\Windows\system32\OLEAUT32.dll'
24912334.d04: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
24922334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
24932334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000786a60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24942334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf30000 'C:\Windows\system32\ADVAPI32.dll'
24952334.d04: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll)
24962334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll *pfFlags=0x0 pwszSearchPath=0000000000786ca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24972334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
24982334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
24992334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll *pfFlags=0x0 pwszSearchPath=0000000000786ca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25002334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe780000 'C:\Windows\system32\gdi32.dll'
25012334.adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25022334.adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25032334.adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25042334.adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25052334.adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
25062334.adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
25072334.adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
25082334.adc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
25092334.adc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
25102334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25112334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25122334.adc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
25132334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25142334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25152334.adc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25162334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25172334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25182334.adc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25192334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25202334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25212334.adc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
25222334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25232334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25242334.adc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
25252334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25262334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25272334.adc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
25282334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25292334.adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25302334.adc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
25312334.adc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll *pfFlags=0x0 pwszSearchPath=00000000007b7180:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25322334.adc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
25332334.adc: supR3HardenedDllNotificationCallback: load 000007fee8d20000 LB 0x004e7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
25342334.adc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
25352334.adc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8d20000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
25362334.d10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25372334.d10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25382334.d10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
25392334.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25402334.d10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25412334.d10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25422334.d10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
25432334.d10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25442334.d10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25452334.d10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
25462334.d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL *pfFlags=0x0 pwszSearchPath=0000000002de64d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25472334.d10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25482334.d10: supR3HardenedDllNotificationCallback: load 000007fefa640000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
25492334.d10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25502334.d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa640000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
25512334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
25522334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000786940:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25532334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff080000 'C:\Windows\system32\shell32.dll'
25542334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25552334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000786940:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25562334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe930000 'C:\Windows\system32\ole32.dll'
25572334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25582334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll *pfFlags=0x0 pwszSearchPath=0000000002de6950:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25592334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe930000 'C:\Windows\system32\ole32.dll'
25602334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
25612334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll *pfFlags=0x0 pwszSearchPath=0000000000616610:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25622334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32\MSCTF.dll'
25632334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d0 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
25642334.d04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755070
25652334.d04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755070
25662334.d04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82846C7DC170BBD7F68FE9966A8D339A60BCFF16
25672334.d04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
25682334.d04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25692334.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)WinVerifyTrust
25702334.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
25712334.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
25722334.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
25732334.d04: supR3HardenedDllNotificationCallback: load 000007fefd6d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
25742334.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
25752334.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6d0000 'C:\Windows\system32\apphelp.dll'
2576205c.2038: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc000041d (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5365 ms, the end);
257711c0.15b0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc000041d (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5965 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy