VirtualBox

Ticket #13669: VBoxStartup.log

File VBoxStartup.log, 283.1 KB (added by Gatto Silvestro, 10 years ago)
Line 
11518.1634: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000018 g_uNtVerCombined=0x611db110
21518.1634: \SystemRoot\System32\ntdll.dll:
31518.1634: CreationTime: 2014-05-23T06:41:42.620493300Z
41518.1634: LastWriteTime: 2013-08-02T02:15:44.087554100Z
51518.1634: ChangeTime: 2015-02-04T10:36:41.664747900Z
61518.1634: FileAttributes: 0x20
71518.1634: Size: 0x1a6dc0
81518.1634: NT Headers: 0xe0
91518.1634: Timestamp: 0x51fb164a
101518.1634: Machine: 0x8664 - amd64
111518.1634: Timestamp: 0x51fb164a
121518.1634: Image Version: 6.1
131518.1634: SizeOfImage: 0x1a9000 (1740800)
141518.1634: Resource Dir: 0x151000 LB 0x560d8
151518.1634: ProductName: Microsoft® Windows® Operating System
161518.1634: ProductVersion: 6.1.7601.18229
171518.1634: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
181518.1634: FileDescription: NT Layer DLL
191518.1634: \SystemRoot\System32\kernel32.dll:
201518.1634: CreationTime: 2014-05-23T06:21:23.001735100Z
211518.1634: LastWriteTime: 2014-03-04T09:44:00.336000000Z
221518.1634: ChangeTime: 2014-05-27T23:56:26.055197200Z
231518.1634: FileAttributes: 0x20
241518.1634: Size: 0x11c000
251518.1634: NT Headers: 0xe8
261518.1634: Timestamp: 0x5315a059
271518.1634: Machine: 0x8664 - amd64
281518.1634: Timestamp: 0x5315a059
291518.1634: Image Version: 6.1
301518.1634: SizeOfImage: 0x11f000 (1175552)
311518.1634: Resource Dir: 0x116000 LB 0x528
321518.1634: ProductName: Microsoft® Windows® Operating System
331518.1634: ProductVersion: 6.1.7601.18409
341518.1634: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
351518.1634: FileDescription: Windows NT BASE API Client DLL
361518.1634: \SystemRoot\System32\KernelBase.dll:
371518.1634: CreationTime: 2014-05-23T06:40:40.911963800Z
381518.1634: LastWriteTime: 2014-03-04T09:44:00.336000000Z
391518.1634: ChangeTime: 2014-05-27T23:56:31.281206400Z
401518.1634: FileAttributes: 0x20
411518.1634: Size: 0x67c00
421518.1634: NT Headers: 0xe8
431518.1634: Timestamp: 0x5315a05a
441518.1634: Machine: 0x8664 - amd64
451518.1634: Timestamp: 0x5315a05a
461518.1634: Image Version: 6.1
471518.1634: SizeOfImage: 0x6c000 (442368)
481518.1634: Resource Dir: 0x6a000 LB 0x530
491518.1634: ProductName: Microsoft® Windows® Operating System
501518.1634: ProductVersion: 6.1.7601.18409
511518.1634: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
521518.1634: FileDescription: Windows NT BASE API Client DLL
531518.1634: \SystemRoot\System32\apisetschema.dll:
541518.1634: CreationTime: 2014-05-23T06:40:37.683779100Z
551518.1634: LastWriteTime: 2013-08-02T02:12:20.275000000Z
561518.1634: ChangeTime: 2014-05-27T23:56:31.140806100Z
571518.1634: FileAttributes: 0x20
581518.1634: Size: 0x1a00
591518.1634: NT Headers: 0xc0
601518.1634: Timestamp: 0x51fb15ca
611518.1634: Machine: 0x8664 - amd64
621518.1634: Timestamp: 0x51fb15ca
631518.1634: Image Version: 6.1
641518.1634: SizeOfImage: 0x50000 (327680)
651518.1634: Resource Dir: 0x30000 LB 0x3f8
661518.1634: ProductName: Microsoft® Windows® Operating System
671518.1634: ProductVersion: 6.1.7601.18229
681518.1634: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
691518.1634: FileDescription: ApiSet Schema DLL
701518.1634: Found driver aswVmm (0x4)
711518.1634: Found driver aswHwid (0x4)
721518.1634: Found driver aswStm (0x4)
731518.1634: Found driver aswRvrt (0x4)
741518.1634: supR3HardenedWinFindAdversaries: 0x84
751518.1634: \SystemRoot\System32\drivers\aswHwid.sys:
761518.1634: CreationTime: 2014-04-25T01:18:00.759391200Z
771518.1634: LastWriteTime: 2015-02-01T10:15:18.642163900Z
781518.1634: ChangeTime: 2015-02-01T10:18:25.926876000Z
791518.1634: FileAttributes: 0x20
801518.1634: Size: 0x7218
811518.1634: NT Headers: 0xe8
821518.1634: Timestamp: 0x545b6fa5
831518.1634: Machine: 0x8664 - amd64
841518.1634: Timestamp: 0x545b6fa5
851518.1634: Image Version: 6.0
861518.1634: SizeOfImage: 0xa000 (40960)
871518.1634: Resource Dir: 0x8000 LB 0x460
881518.1634: ProductName: Avast Antivirus
891518.1634: ProductVersion: 10.0.2208.712
901518.1634: FileVersion: 10.0.2208.712
911518.1634: SpecialBuild: feb2012
921518.1634: PrivateBuild: 0SpecialBuild
931518.1634: FileDescription: avast! HWID
941518.1634: \SystemRoot\System32\drivers\aswMonFlt.sys:
951518.1634: CreationTime: 2014-04-24T00:22:07.562996200Z
961518.1634: LastWriteTime: 2015-02-01T10:15:18.778171700Z
971518.1634: ChangeTime: 2015-02-01T10:18:25.927876100Z
981518.1634: FileAttributes: 0x20
991518.1634: Size: 0x14550
1001518.1634: NT Headers: 0xe8
1011518.1634: Timestamp: 0x545b6f33
1021518.1634: Machine: 0x8664 - amd64
1031518.1634: Timestamp: 0x545b6f33
1041518.1634: Image Version: 6.0
1051518.1634: SizeOfImage: 0x22000 (139264)
1061518.1634: Resource Dir: 0x20000 LB 0x3b8
1071518.1634: ProductName: Avast Antivirus
1081518.1634: ProductVersion: 10.0.2208.712
1091518.1634: FileVersion: 10.0.2208.712
1101518.1634: FileDescription: avast! File System Minifilter for Windows 2003/Vista
1111518.1634: \SystemRoot\System32\drivers\aswRdr2.sys:
1121518.1634: CreationTime: 2014-04-24T00:22:07.781396600Z
1131518.1634: LastWriteTime: 2015-02-01T10:15:17.639106600Z
1141518.1634: ChangeTime: 2015-02-01T10:18:25.927876100Z
1151518.1634: FileAttributes: 0x20
1161518.1634: Size: 0x16d80
1171518.1634: NT Headers: 0xf0
1181518.1634: Timestamp: 0x545b6f6a
1191518.1634: Machine: 0x8664 - amd64
1201518.1634: Timestamp: 0x545b6f6a
1211518.1634: Image Version: 6.1
1221518.1634: SizeOfImage: 0x1a000 (106496)
1231518.1634: Resource Dir: 0x18000 LB 0x3a0
1241518.1634: ProductName: Avast Antivirus
1251518.1634: ProductVersion: 10.0.2208.712
1261518.1634: FileVersion: 10.0.2208.712 built by: WinDDK
1271518.1634: FileDescription: avast! WFP Redirect Driver
1281518.1634: \SystemRoot\System32\drivers\aswRvrt.sys:
1291518.1634: CreationTime: 2014-04-24T00:22:07.656596300Z
1301518.1634: LastWriteTime: 2015-02-01T10:15:18.898178600Z
1311518.1634: ChangeTime: 2015-02-01T10:18:25.928876100Z
1321518.1634: FileAttributes: 0x20
1331518.1634: Size: 0x100f0
1341518.1634: NT Headers: 0xf8
1351518.1634: Timestamp: 0x545b6f42
1361518.1634: Machine: 0x8664 - amd64
1371518.1634: Timestamp: 0x545b6f42
1381518.1634: Image Version: 6.0
1391518.1634: SizeOfImage: 0x13000 (77824)
1401518.1634: Resource Dir: 0x11000 LB 0x468
1411518.1634: ProductName: Avast Antivirus
1421518.1634: ProductVersion: 10.0.2208.712
1431518.1634: FileVersion: 10.0.2208.712
1441518.1634: SpecialBuild: feb2012
1451518.1634: PrivateBuild: 0SpecialBuild
1461518.1634: FileDescription: avast! Revert
1471518.1634: \SystemRoot\System32\drivers\aswSnx.sys:
1481518.1634: CreationTime: 2014-04-24T00:22:07.718996400Z
1491518.1634: LastWriteTime: 2015-02-01T10:19:33.325731000Z
1501518.1634: ChangeTime: 2015-02-01T10:19:33.325731000Z
1511518.1634: FileAttributes: 0x20
1521518.1634: Size: 0x100740
1531518.1634: NT Headers: 0xf0
1541518.1634: Timestamp: 0x546f1f38
1551518.1634: Machine: 0x8664 - amd64
1561518.1634: Timestamp: 0x546f1f38
1571518.1634: Image Version: 6.0
1581518.1634: SizeOfImage: 0x104000 (1064960)
1591518.1634: Resource Dir: 0xfc000 LB 0x380
1601518.1634: ProductName: Avast Antivirus
1611518.1634: ProductVersion: 10.0.2208.722
1621518.1634: FileVersion: 10.0.2208.722
1631518.1634: FileDescription: avast! Virtualization Driver
1641518.1634: \SystemRoot\System32\drivers\aswsp.sys:
1651518.1634: CreationTime: 2014-04-24T00:22:07.812596600Z
1661518.1634: LastWriteTime: 2015-02-01T10:15:19.023185700Z
1671518.1634: ChangeTime: 2015-02-01T10:18:25.928876100Z
1681518.1634: FileAttributes: 0x20
1691518.1634: Size: 0x6a990
1701518.1634: NT Headers: 0x100
1711518.1634: Timestamp: 0x545b7323
1721518.1634: Machine: 0x8664 - amd64
1731518.1634: Timestamp: 0x545b7323
1741518.1634: Image Version: 6.0
1751518.1634: SizeOfImage: 0x71000 (462848)
1761518.1634: Resource Dir: 0x6f000 LB 0x378
1771518.1634: ProductName: Avast Antivirus
1781518.1634: ProductVersion: 10.0.2208.712
1791518.1634: FileVersion: 10.0.2208.712
1801518.1634: FileDescription: avast! self protection module
1811518.1634: \SystemRoot\System32\drivers\aswStm.sys:
1821518.1634: CreationTime: 2014-04-25T01:18:00.884191400Z
1831518.1634: LastWriteTime: 2015-02-01T10:15:19.346204200Z
1841518.1634: ChangeTime: 2015-02-01T10:18:25.929876200Z
1851518.1634: FileAttributes: 0x20
1861518.1634: Size: 0x1c7f8
1871518.1634: NT Headers: 0x110
1881518.1634: Timestamp: 0x545b7364
1891518.1634: Machine: 0x8664 - amd64
1901518.1634: Timestamp: 0x545b7364
1911518.1634: Image Version: 6.2
1921518.1634: SizeOfImage: 0x1f000 (126976)
1931518.1634: Resource Dir: 0x1d000 LB 0x358
1941518.1634: ProductName: Avast Antivirus
1951518.1634: ProductVersion: 10.0.2208.712
1961518.1634: FileVersion: 10.0.2208.712
1971518.1634: FileDescription: Stream Filter
1981518.1634: \SystemRoot\System32\drivers\aswVmm.sys:
1991518.1634: CreationTime: 2014-04-24T00:22:07.703396400Z
2001518.1634: LastWriteTime: 2015-02-01T10:15:19.138192300Z
2011518.1634: ChangeTime: 2015-02-01T10:18:25.929876200Z
2021518.1634: FileAttributes: 0x20
2031518.1634: Size: 0x41570
2041518.1634: NT Headers: 0xf0
2051518.1634: Timestamp: 0x545b6f4b
2061518.1634: Machine: 0x8664 - amd64
2071518.1634: Timestamp: 0x545b6f4b
2081518.1634: Image Version: 6.0
2091518.1634: SizeOfImage: 0x43000 (274432)
2101518.1634: Resource Dir: 0x40000 LB 0x470
2111518.1634: ProductName: Avast Antivirus
2121518.1634: ProductVersion: 10.0.2208.712
2131518.1634: FileVersion: 10.0.2208.712
2141518.1634: SpecialBuild: feb2012
2151518.1634: PrivateBuild: 0SpecialBuild
2161518.1634: FileDescription: avast! VM Monitor
2171518.1634: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
2181518.1634: CreationTime: 2014-11-24T11:08:45.488299600Z
2191518.1634: LastWriteTime: 2015-01-05T01:45:12.780628000Z
2201518.1634: ChangeTime: 2015-01-05T01:45:12.780628000Z
2211518.1634: FileAttributes: 0x20
2221518.1634: Size: 0x1fad8
2231518.1634: NT Headers: 0xd8
2241518.1634: Timestamp: 0x541caaaf
2251518.1634: Machine: 0x8664 - amd64
2261518.1634: Timestamp: 0x541caaaf
2271518.1634: Image Version: 6.1
2281518.1634: SizeOfImage: 0x23000 (143360)
2291518.1634: Resource Dir: 0x22000 LB 0x3f0
2301518.1634: ProductName: Malwarebytes Anti-Malware
2311518.1634: ProductVersion: 0.2.13.0
2321518.1634: FileVersion: 0.2.13.0
2331518.1634: FileDescription: Malwarebytes Anti-Malware
2341518.1634: \SystemRoot\System32\drivers\mwac.sys:
2351518.1634: CreationTime: 2014-11-24T11:08:27.678274700Z
2361518.1634: LastWriteTime: 2014-11-21T05:14:22.000000000Z
2371518.1634: ChangeTime: 2014-12-02T18:47:48.758649300Z
2381518.1634: FileAttributes: 0x20
2391518.1634: Size: 0xf8d8
2401518.1634: NT Headers: 0xf8
2411518.1634: Timestamp: 0x53a0f42a
2421518.1634: Machine: 0x8664 - amd64
2431518.1634: Timestamp: 0x53a0f42a
2441518.1634: Image Version: 6.2
2451518.1634: SizeOfImage: 0x12000 (73728)
2461518.1634: Resource Dir: 0x10000 LB 0x3e0
2471518.1634: ProductName: Malwarebytes Web Access Control
2481518.1634: ProductVersion: 1.0.6.0
2491518.1634: FileVersion: 1.0.6.0
2501518.1634: FileDescription: Malwarebytes Web Access Control
2511518.1634: \SystemRoot\System32\drivers\mbamchameleon.sys:
2521518.1634: CreationTime: 2014-11-24T11:08:27.708274700Z
2531518.1634: LastWriteTime: 2014-11-21T05:14:12.000000000Z
2541518.1634: ChangeTime: 2014-12-02T18:47:48.836649500Z
2551518.1634: FileAttributes: 0x20
2561518.1634: Size: 0x16cd8
2571518.1634: NT Headers: 0xe0
2581518.1634: Timestamp: 0x53f2136a
2591518.1634: Machine: 0x8664 - amd64
2601518.1634: Timestamp: 0x53f2136a
2611518.1634: Image Version: 6.1
2621518.1634: SizeOfImage: 0x1a000 (106496)
2631518.1634: Resource Dir: 0x18000 LB 0xbd0
2641518.1634: ProductName: Malwarebytes Chameleon
2651518.1634: ProductVersion: 1.1.4.0
2661518.1634: FileVersion: 1.1.4.0
2671518.1634: FileDescription: Malwarebytes Chameleon Protection Driver
2681518.1634: \SystemRoot\System32\drivers\mbam.sys:
2691518.1634: CreationTime: 2014-11-24T11:08:27.658274600Z
2701518.1634: LastWriteTime: 2014-11-21T05:14:08.000000000Z
2711518.1634: ChangeTime: 2014-12-02T18:47:48.727449300Z
2721518.1634: FileAttributes: 0x20
2731518.1634: Size: 0x64d8
2741518.1634: NT Headers: 0xd8
2751518.1634: Timestamp: 0x540754e1
2761518.1634: Machine: 0x8664 - amd64
2771518.1634: Timestamp: 0x540754e1
2781518.1634: Image Version: 6.1
2791518.1634: SizeOfImage: 0xa000 (40960)
2801518.1634: Resource Dir: 0x8000 LB 0x3d0
2811518.1634: ProductName: Malwarebytes Anti-Malware
2821518.1634: ProductVersion: 0.1.15.0
2831518.1634: FileVersion: 0.1.15.0
2841518.1634: FileDescription: Malwarebytes Anti-Malware
2851518.1634: Calling main()
2861518.1634: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2871518.1634: SUPR3HardenedMain: Respawn #1
2881518.1634: System32: \Device\HarddiskVolume6\Windows\System32
2891518.1634: WinSxS: \Device\HarddiskVolume6\Windows\winsxs
2901518.1634: KnownDllPath: C:\Windows\system32
2911518.1634: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2921518.1634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2931518.1634: supR3HardNtEnableThreadCreation:
2941518.1634: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b4c340 pvNtTerminateThread=0000000077b717e0
2951518.1634: supR3HardenedWinDoReSpawn(1): New child 18bc.b98 [kernel32].
2961518.1634: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
2971518.1634: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b20000 uNtDllChildAddr=0000000077b20000
2981518.1634: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b4c340
2991518.1634: supR3HardenedWinSetupChildInit: Start child.
3001518.1634: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 78 ms.
3011518.1634: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 33 sleeps
3021518.1634: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3031518.1634: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3041518.1634: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3051518.1634: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3061518.1634: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3071518.1634: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3081518.1634: 0000000000041000-ffffffffffec1fff 0x0001/0x0000 0x0000000
3091518.1634: *00000000001c0000-00000000000c3fff 0x0000/0x0004 0x0020000
3101518.1634: 00000000002bc000-00000000002b8fff 0x0104/0x0004 0x0020000
3111518.1634: 00000000002bf000-00000000002bdfff 0x0004/0x0004 0x0020000
3121518.1634: 00000000002c0000-ffffffff88a5ffff 0x0001/0x0000 0x0000000
3131518.1634: *0000000077b20000-0000000077b1efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
3141518.1634: 0000000077b21000-0000000077a1efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
3151518.1634: 0000000077c23000-0000000077bf3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
3161518.1634: 0000000077c52000-0000000077c49fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
3171518.1634: 0000000077c5a000-0000000077c58fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
3181518.1634: 0000000077c5b000-0000000077c57fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
3191518.1634: 0000000077c5e000-0000000077bf2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
3201518.1634: 0000000077cc9000-00000000709b1fff 0x0001/0x0000 0x0000000
3211518.1634: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3221518.1634: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3231518.1634: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3241518.1634: 000000007fff0000-ffffffffc048ffff 0x0001/0x0000 0x0000000
3251518.1634: *000000013fb50000-000000013fb4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3261518.1634: 000000013fb51000-000000013faccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3271518.1634: 000000013fbd5000-000000013fbd3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3281518.1634: 000000013fbd6000-000000013fb98fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3291518.1634: 000000013fc13000-000000013fc11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3301518.1634: 000000013fc14000-000000013fc12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3311518.1634: 000000013fc15000-000000013fc12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3321518.1634: 000000013fc17000-000000013fc15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3331518.1634: 000000013fc18000-000000013fc16fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3341518.1634: 000000013fc19000-000000013fc14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3351518.1634: 000000013fc1d000-000000013fbe3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
3361518.1634: 000000013fc56000-fffff8037fa6bfff 0x0001/0x0000 0x0000000
3371518.1634: *000007feffe40000-000007feffe3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\apisetschema.dll
3381518.1634: 000007feffe41000-000007fdffcd1fff 0x0001/0x0000 0x0000000
3391518.1634: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
3401518.1634: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
3411518.1634: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
3421518.1634: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
3431518.1634: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3441518.1634: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
3451518.1634: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
3461518.1634: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3471518.1634: '\Device\HarddiskVolume6\Windows\System32\apisetschema.dll' has no imports
3481518.1634: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
3491518.1634: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
35018bc.b98: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
35118bc.b98: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b20000
3521518.1634: supR3HardNtEnableThreadCreation:
35318bc.b98: ntdll.dll: timestamp 0x51fb164a (rc=VINF_SUCCESS)
35418bc.b98: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1740800 allocation)
35518bc.b98: System32: \Device\HarddiskVolume6\Windows\System32
35618bc.b98: WinSxS: \Device\HarddiskVolume6\Windows\winsxs
35718bc.b98: KnownDllPath: C:\Windows\system32
35818bc.b98: supR3HardenedVmProcessInit: Opening vboxdrv stub...
35918bc.b98: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
36018bc.b98: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
36118bc.b98: Registered Dll notification callback with NTDLL.
36218bc.b98: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\kernel32.dll)
36318bc.b98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\kernel32.dll
36418bc.b98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
36518bc.b98: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
36618bc.b98: supR3HardenedDllNotificationCallback: load 0000000077900000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
36718bc.b98: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
36818bc.b98: supR3HardenedDllNotificationCallback: load 000007fefdcf0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
36918bc.b98: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\KernelBase.dll)
37018bc.b98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
37118bc.b98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077900000 'C:\Windows\system32\kernel32.dll'
37218bc.b98: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b4c340 pvNtTerminateThread=0000000077b717e0
3731518.1634: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
37418bc.b98: \SystemRoot\System32\ntdll.dll:
37518bc.b98: CreationTime: 2014-05-23T06:41:42.620493300Z
37618bc.b98: LastWriteTime: 2013-08-02T02:15:44.087554100Z
37718bc.b98: ChangeTime: 2015-02-04T10:36:41.664747900Z
37818bc.b98: FileAttributes: 0x20
37918bc.b98: Size: 0x1a6dc0
38018bc.b98: NT Headers: 0xe0
38118bc.b98: Timestamp: 0x51fb164a
38218bc.b98: Machine: 0x8664 - amd64
38318bc.b98: Timestamp: 0x51fb164a
38418bc.b98: Image Version: 6.1
38518bc.b98: SizeOfImage: 0x1a9000 (1740800)
38618bc.b98: Resource Dir: 0x151000 LB 0x560d8
38718bc.b98: ProductName: Microsoft® Windows® Operating System
38818bc.b98: ProductVersion: 6.1.7601.18229
38918bc.b98: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
39018bc.b98: FileDescription: NT Layer DLL
39118bc.b98: \SystemRoot\System32\kernel32.dll:
39218bc.b98: CreationTime: 2014-05-23T06:21:23.001735100Z
39318bc.b98: LastWriteTime: 2014-03-04T09:44:00.336000000Z
39418bc.b98: ChangeTime: 2014-05-27T23:56:26.055197200Z
39518bc.b98: FileAttributes: 0x20
39618bc.b98: Size: 0x11c000
39718bc.b98: NT Headers: 0xe8
39818bc.b98: Timestamp: 0x5315a059
39918bc.b98: Machine: 0x8664 - amd64
40018bc.b98: Timestamp: 0x5315a059
40118bc.b98: Image Version: 6.1
40218bc.b98: SizeOfImage: 0x11f000 (1175552)
40318bc.b98: Resource Dir: 0x116000 LB 0x528
40418bc.b98: ProductName: Microsoft® Windows® Operating System
40518bc.b98: ProductVersion: 6.1.7601.18409
40618bc.b98: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
40718bc.b98: FileDescription: Windows NT BASE API Client DLL
40818bc.b98: \SystemRoot\System32\KernelBase.dll:
40918bc.b98: CreationTime: 2014-05-23T06:40:40.911963800Z
41018bc.b98: LastWriteTime: 2014-03-04T09:44:00.336000000Z
41118bc.b98: ChangeTime: 2014-05-27T23:56:31.281206400Z
41218bc.b98: FileAttributes: 0x20
41318bc.b98: Size: 0x67c00
41418bc.b98: NT Headers: 0xe8
41518bc.b98: Timestamp: 0x5315a05a
41618bc.b98: Machine: 0x8664 - amd64
41718bc.b98: Timestamp: 0x5315a05a
41818bc.b98: Image Version: 6.1
41918bc.b98: SizeOfImage: 0x6c000 (442368)
42018bc.b98: Resource Dir: 0x6a000 LB 0x530
42118bc.b98: ProductName: Microsoft® Windows® Operating System
42218bc.b98: ProductVersion: 6.1.7601.18409
42318bc.b98: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
42418bc.b98: FileDescription: Windows NT BASE API Client DLL
42518bc.b98: \SystemRoot\System32\apisetschema.dll:
42618bc.b98: CreationTime: 2014-05-23T06:40:37.683779100Z
42718bc.b98: LastWriteTime: 2013-08-02T02:12:20.275000000Z
42818bc.b98: ChangeTime: 2014-05-27T23:56:31.140806100Z
42918bc.b98: FileAttributes: 0x20
43018bc.b98: Size: 0x1a00
43118bc.b98: NT Headers: 0xc0
43218bc.b98: Timestamp: 0x51fb15ca
43318bc.b98: Machine: 0x8664 - amd64
43418bc.b98: Timestamp: 0x51fb15ca
43518bc.b98: Image Version: 6.1
43618bc.b98: SizeOfImage: 0x50000 (327680)
43718bc.b98: Resource Dir: 0x30000 LB 0x3f8
43818bc.b98: ProductName: Microsoft® Windows® Operating System
43918bc.b98: ProductVersion: 6.1.7601.18229
44018bc.b98: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
44118bc.b98: FileDescription: ApiSet Schema DLL
44218bc.b98: Found driver aswVmm (0x4)
44318bc.b98: Found driver aswHwid (0x4)
44418bc.b98: Found driver aswStm (0x4)
44518bc.b98: Found driver aswRvrt (0x4)
44618bc.b98: supR3HardenedWinFindAdversaries: 0x84
44718bc.b98: \SystemRoot\System32\drivers\aswHwid.sys:
44818bc.b98: CreationTime: 2014-04-25T01:18:00.759391200Z
44918bc.b98: LastWriteTime: 2015-02-01T10:15:18.642163900Z
45018bc.b98: ChangeTime: 2015-02-01T10:18:25.926876000Z
45118bc.b98: FileAttributes: 0x20
45218bc.b98: Size: 0x7218
45318bc.b98: NT Headers: 0xe8
45418bc.b98: Timestamp: 0x545b6fa5
45518bc.b98: Machine: 0x8664 - amd64
45618bc.b98: Timestamp: 0x545b6fa5
45718bc.b98: Image Version: 6.0
45818bc.b98: SizeOfImage: 0xa000 (40960)
45918bc.b98: Resource Dir: 0x8000 LB 0x460
46018bc.b98: ProductName: Avast Antivirus
46118bc.b98: ProductVersion: 10.0.2208.712
46218bc.b98: FileVersion: 10.0.2208.712
46318bc.b98: SpecialBuild: feb2012
46418bc.b98: PrivateBuild: 0SpecialBuild
46518bc.b98: FileDescription: avast! HWID
46618bc.b98: \SystemRoot\System32\drivers\aswMonFlt.sys:
46718bc.b98: CreationTime: 2014-04-24T00:22:07.562996200Z
46818bc.b98: LastWriteTime: 2015-02-01T10:15:18.778171700Z
46918bc.b98: ChangeTime: 2015-02-01T10:18:25.927876100Z
47018bc.b98: FileAttributes: 0x20
47118bc.b98: Size: 0x14550
47218bc.b98: NT Headers: 0xe8
47318bc.b98: Timestamp: 0x545b6f33
47418bc.b98: Machine: 0x8664 - amd64
47518bc.b98: Timestamp: 0x545b6f33
47618bc.b98: Image Version: 6.0
47718bc.b98: SizeOfImage: 0x22000 (139264)
47818bc.b98: Resource Dir: 0x20000 LB 0x3b8
47918bc.b98: ProductName: Avast Antivirus
48018bc.b98: ProductVersion: 10.0.2208.712
48118bc.b98: FileVersion: 10.0.2208.712
48218bc.b98: FileDescription: avast! File System Minifilter for Windows 2003/Vista
48318bc.b98: \SystemRoot\System32\drivers\aswRdr2.sys:
48418bc.b98: CreationTime: 2014-04-24T00:22:07.781396600Z
48518bc.b98: LastWriteTime: 2015-02-01T10:15:17.639106600Z
48618bc.b98: ChangeTime: 2015-02-01T10:18:25.927876100Z
48718bc.b98: FileAttributes: 0x20
48818bc.b98: Size: 0x16d80
48918bc.b98: NT Headers: 0xf0
49018bc.b98: Timestamp: 0x545b6f6a
49118bc.b98: Machine: 0x8664 - amd64
49218bc.b98: Timestamp: 0x545b6f6a
49318bc.b98: Image Version: 6.1
49418bc.b98: SizeOfImage: 0x1a000 (106496)
49518bc.b98: Resource Dir: 0x18000 LB 0x3a0
49618bc.b98: ProductName: Avast Antivirus
49718bc.b98: ProductVersion: 10.0.2208.712
49818bc.b98: FileVersion: 10.0.2208.712 built by: WinDDK
49918bc.b98: FileDescription: avast! WFP Redirect Driver
50018bc.b98: \SystemRoot\System32\drivers\aswRvrt.sys:
50118bc.b98: CreationTime: 2014-04-24T00:22:07.656596300Z
50218bc.b98: LastWriteTime: 2015-02-01T10:15:18.898178600Z
50318bc.b98: ChangeTime: 2015-02-01T10:18:25.928876100Z
50418bc.b98: FileAttributes: 0x20
50518bc.b98: Size: 0x100f0
50618bc.b98: NT Headers: 0xf8
50718bc.b98: Timestamp: 0x545b6f42
50818bc.b98: Machine: 0x8664 - amd64
50918bc.b98: Timestamp: 0x545b6f42
51018bc.b98: Image Version: 6.0
51118bc.b98: SizeOfImage: 0x13000 (77824)
51218bc.b98: Resource Dir: 0x11000 LB 0x468
51318bc.b98: ProductName: Avast Antivirus
51418bc.b98: ProductVersion: 10.0.2208.712
51518bc.b98: FileVersion: 10.0.2208.712
51618bc.b98: SpecialBuild: feb2012
51718bc.b98: PrivateBuild: 0SpecialBuild
51818bc.b98: FileDescription: avast! Revert
51918bc.b98: \SystemRoot\System32\drivers\aswSnx.sys:
52018bc.b98: CreationTime: 2014-04-24T00:22:07.718996400Z
52118bc.b98: LastWriteTime: 2015-02-01T10:19:33.325731000Z
52218bc.b98: ChangeTime: 2015-02-01T10:19:33.325731000Z
52318bc.b98: FileAttributes: 0x20
52418bc.b98: Size: 0x100740
52518bc.b98: NT Headers: 0xf0
52618bc.b98: Timestamp: 0x546f1f38
52718bc.b98: Machine: 0x8664 - amd64
52818bc.b98: Timestamp: 0x546f1f38
52918bc.b98: Image Version: 6.0
53018bc.b98: SizeOfImage: 0x104000 (1064960)
53118bc.b98: Resource Dir: 0xfc000 LB 0x380
53218bc.b98: ProductName: Avast Antivirus
53318bc.b98: ProductVersion: 10.0.2208.722
53418bc.b98: FileVersion: 10.0.2208.722
53518bc.b98: FileDescription: avast! Virtualization Driver
53618bc.b98: \SystemRoot\System32\drivers\aswsp.sys:
53718bc.b98: CreationTime: 2014-04-24T00:22:07.812596600Z
53818bc.b98: LastWriteTime: 2015-02-01T10:15:19.023185700Z
53918bc.b98: ChangeTime: 2015-02-01T10:18:25.928876100Z
54018bc.b98: FileAttributes: 0x20
54118bc.b98: Size: 0x6a990
54218bc.b98: NT Headers: 0x100
54318bc.b98: Timestamp: 0x545b7323
54418bc.b98: Machine: 0x8664 - amd64
54518bc.b98: Timestamp: 0x545b7323
54618bc.b98: Image Version: 6.0
54718bc.b98: SizeOfImage: 0x71000 (462848)
54818bc.b98: Resource Dir: 0x6f000 LB 0x378
54918bc.b98: ProductName: Avast Antivirus
55018bc.b98: ProductVersion: 10.0.2208.712
55118bc.b98: FileVersion: 10.0.2208.712
55218bc.b98: FileDescription: avast! self protection module
55318bc.b98: \SystemRoot\System32\drivers\aswStm.sys:
55418bc.b98: CreationTime: 2014-04-25T01:18:00.884191400Z
55518bc.b98: LastWriteTime: 2015-02-01T10:15:19.346204200Z
55618bc.b98: ChangeTime: 2015-02-01T10:18:25.929876200Z
55718bc.b98: FileAttributes: 0x20
55818bc.b98: Size: 0x1c7f8
55918bc.b98: NT Headers: 0x110
56018bc.b98: Timestamp: 0x545b7364
56118bc.b98: Machine: 0x8664 - amd64
56218bc.b98: Timestamp: 0x545b7364
56318bc.b98: Image Version: 6.2
56418bc.b98: SizeOfImage: 0x1f000 (126976)
56518bc.b98: Resource Dir: 0x1d000 LB 0x358
56618bc.b98: ProductName: Avast Antivirus
56718bc.b98: ProductVersion: 10.0.2208.712
56818bc.b98: FileVersion: 10.0.2208.712
56918bc.b98: FileDescription: Stream Filter
57018bc.b98: \SystemRoot\System32\drivers\aswVmm.sys:
57118bc.b98: CreationTime: 2014-04-24T00:22:07.703396400Z
57218bc.b98: LastWriteTime: 2015-02-01T10:15:19.138192300Z
57318bc.b98: ChangeTime: 2015-02-01T10:18:25.929876200Z
57418bc.b98: FileAttributes: 0x20
57518bc.b98: Size: 0x41570
57618bc.b98: NT Headers: 0xf0
57718bc.b98: Timestamp: 0x545b6f4b
57818bc.b98: Machine: 0x8664 - amd64
57918bc.b98: Timestamp: 0x545b6f4b
58018bc.b98: Image Version: 6.0
58118bc.b98: SizeOfImage: 0x43000 (274432)
58218bc.b98: Resource Dir: 0x40000 LB 0x470
58318bc.b98: ProductName: Avast Antivirus
58418bc.b98: ProductVersion: 10.0.2208.712
58518bc.b98: FileVersion: 10.0.2208.712
58618bc.b98: SpecialBuild: feb2012
58718bc.b98: PrivateBuild: 0SpecialBuild
58818bc.b98: FileDescription: avast! VM Monitor
58918bc.b98: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
59018bc.b98: CreationTime: 2014-11-24T11:08:45.488299600Z
59118bc.b98: LastWriteTime: 2015-01-05T01:45:12.780628000Z
59218bc.b98: ChangeTime: 2015-01-05T01:45:12.780628000Z
59318bc.b98: FileAttributes: 0x20
59418bc.b98: Size: 0x1fad8
59518bc.b98: NT Headers: 0xd8
59618bc.b98: Timestamp: 0x541caaaf
59718bc.b98: Machine: 0x8664 - amd64
59818bc.b98: Timestamp: 0x541caaaf
59918bc.b98: Image Version: 6.1
60018bc.b98: SizeOfImage: 0x23000 (143360)
60118bc.b98: Resource Dir: 0x22000 LB 0x3f0
60218bc.b98: ProductName: Malwarebytes Anti-Malware
60318bc.b98: ProductVersion: 0.2.13.0
60418bc.b98: FileVersion: 0.2.13.0
60518bc.b98: FileDescription: Malwarebytes Anti-Malware
60618bc.b98: \SystemRoot\System32\drivers\mwac.sys:
60718bc.b98: CreationTime: 2014-11-24T11:08:27.678274700Z
60818bc.b98: LastWriteTime: 2014-11-21T05:14:22.000000000Z
60918bc.b98: ChangeTime: 2014-12-02T18:47:48.758649300Z
61018bc.b98: FileAttributes: 0x20
61118bc.b98: Size: 0xf8d8
61218bc.b98: NT Headers: 0xf8
61318bc.b98: Timestamp: 0x53a0f42a
61418bc.b98: Machine: 0x8664 - amd64
61518bc.b98: Timestamp: 0x53a0f42a
61618bc.b98: Image Version: 6.2
61718bc.b98: SizeOfImage: 0x12000 (73728)
61818bc.b98: Resource Dir: 0x10000 LB 0x3e0
61918bc.b98: ProductName: Malwarebytes Web Access Control
62018bc.b98: ProductVersion: 1.0.6.0
62118bc.b98: FileVersion: 1.0.6.0
62218bc.b98: FileDescription: Malwarebytes Web Access Control
62318bc.b98: \SystemRoot\System32\drivers\mbamchameleon.sys:
62418bc.b98: CreationTime: 2014-11-24T11:08:27.708274700Z
62518bc.b98: LastWriteTime: 2014-11-21T05:14:12.000000000Z
62618bc.b98: ChangeTime: 2014-12-02T18:47:48.836649500Z
62718bc.b98: FileAttributes: 0x20
62818bc.b98: Size: 0x16cd8
62918bc.b98: NT Headers: 0xe0
63018bc.b98: Timestamp: 0x53f2136a
63118bc.b98: Machine: 0x8664 - amd64
63218bc.b98: Timestamp: 0x53f2136a
63318bc.b98: Image Version: 6.1
63418bc.b98: SizeOfImage: 0x1a000 (106496)
63518bc.b98: Resource Dir: 0x18000 LB 0xbd0
63618bc.b98: ProductName: Malwarebytes Chameleon
63718bc.b98: ProductVersion: 1.1.4.0
63818bc.b98: FileVersion: 1.1.4.0
63918bc.b98: FileDescription: Malwarebytes Chameleon Protection Driver
64018bc.b98: \SystemRoot\System32\drivers\mbam.sys:
64118bc.b98: CreationTime: 2014-11-24T11:08:27.658274600Z
64218bc.b98: LastWriteTime: 2014-11-21T05:14:08.000000000Z
64318bc.b98: ChangeTime: 2014-12-02T18:47:48.727449300Z
64418bc.b98: FileAttributes: 0x20
64518bc.b98: Size: 0x64d8
64618bc.b98: NT Headers: 0xd8
64718bc.b98: Timestamp: 0x540754e1
64818bc.b98: Machine: 0x8664 - amd64
64918bc.b98: Timestamp: 0x540754e1
65018bc.b98: Image Version: 6.1
65118bc.b98: SizeOfImage: 0xa000 (40960)
65218bc.b98: Resource Dir: 0x8000 LB 0x3d0
65318bc.b98: ProductName: Malwarebytes Anti-Malware
65418bc.b98: ProductVersion: 0.1.15.0
65518bc.b98: FileVersion: 0.1.15.0
65618bc.b98: FileDescription: Malwarebytes Anti-Malware
65718bc.b98: Calling main()
65818bc.b98: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
65918bc.b98: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
66018bc.b98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe)
66118bc.b98: SUPR3HardenedMain: Respawn #2
66218bc.b98: supR3HardNtEnableThreadCreation:
66318bc.b98: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\apphelp.dll)
66418bc.b98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\apphelp.dll
66518bc.b98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
66618bc.b98: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
66718bc.b98: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
66818bc.b98: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
66918bc.b98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd900000 'C:\Windows\system32\apphelp.dll'
67018bc.b98: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b4c340 pvNtTerminateThread=0000000077b717e0
67118bc.b98: supR3HardenedWinDoReSpawn(2): New child 1aa8.9e4 [kernel32].
67218bc.b98: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
67318bc.b98: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b20000 uNtDllChildAddr=0000000077b20000
67418bc.b98: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b4c340
67518bc.b98: supR3HardenedWinSetupChildInit: Start child.
67618bc.b98: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 31 ms.
67718bc.b98: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
67818bc.b98: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
67918bc.b98: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
68018bc.b98: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
68118bc.b98: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
68218bc.b98: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
68318bc.b98: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
68418bc.b98: 0000000000041000-fffffffffffa1fff 0x0001/0x0000 0x0000000
68518bc.b98: *00000000000e0000-fffffffffffe3fff 0x0000/0x0004 0x0020000
68618bc.b98: 00000000001dc000-00000000001d8fff 0x0104/0x0004 0x0020000
68718bc.b98: 00000000001df000-00000000001ddfff 0x0004/0x0004 0x0020000
68818bc.b98: 00000000001e0000-ffffffff8889ffff 0x0001/0x0000 0x0000000
68918bc.b98: *0000000077b20000-0000000077b1efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
69018bc.b98: 0000000077b21000-0000000077a1efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
69118bc.b98: 0000000077c23000-0000000077bf3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
69218bc.b98: 0000000077c52000-0000000077c49fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
69318bc.b98: 0000000077c5a000-0000000077c58fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
69418bc.b98: 0000000077c5b000-0000000077c57fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
69518bc.b98: 0000000077c5e000-0000000077bf2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
69618bc.b98: 0000000077cc9000-00000000709b1fff 0x0001/0x0000 0x0000000
69718bc.b98: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
69818bc.b98: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
69918bc.b98: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
70018bc.b98: 000000007fff0000-ffffffffc048ffff 0x0001/0x0000 0x0000000
70118bc.b98: *000000013fb50000-000000013fb4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
70218bc.b98: 000000013fb51000-000000013faccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
70318bc.b98: 000000013fbd5000-000000013fbd3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
70418bc.b98: 000000013fbd6000-000000013fb98fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
70518bc.b98: 000000013fc13000-000000013fc11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
70618bc.b98: 000000013fc14000-000000013fc12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
70718bc.b98: 000000013fc15000-000000013fc12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
70818bc.b98: 000000013fc17000-000000013fc15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
70918bc.b98: 000000013fc18000-000000013fc16fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
71018bc.b98: 000000013fc19000-000000013fc14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
71118bc.b98: 000000013fc1d000-000000013fbe3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
71218bc.b98: 000000013fc56000-fffff8037fa6bfff 0x0001/0x0000 0x0000000
71318bc.b98: *000007feffe40000-000007feffe3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\apisetschema.dll
71418bc.b98: 000007feffe41000-000007fdffcd1fff 0x0001/0x0000 0x0000000
71518bc.b98: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
71618bc.b98: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
71718bc.b98: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
71818bc.b98: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
71918bc.b98: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
72018bc.b98: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
72118bc.b98: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
72218bc.b98: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
72318bc.b98: '\Device\HarddiskVolume6\Windows\System32\apisetschema.dll' has no imports
72418bc.b98: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
72518bc.b98: supR3HardNtChildPurify: Done after 531 ms and 0 fixes (loop #0).
7261aa8.9e4: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
7271aa8.9e4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b20000
72818bc.b98: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002c0000 LB 0x400000)
72918bc.b98: supR3HardNtEnableThreadCreation:
7301aa8.9e4: ntdll.dll: timestamp 0x51fb164a (rc=VINF_SUCCESS)
7311aa8.9e4: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1740800 allocation)
7321aa8.9e4: System32: \Device\HarddiskVolume6\Windows\System32
7331aa8.9e4: WinSxS: \Device\HarddiskVolume6\Windows\winsxs
7341aa8.9e4: KnownDllPath: C:\Windows\system32
7351aa8.9e4: supR3HardenedVmProcessInit: Opening vboxdrv...
7361aa8.9e4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7371aa8.9e4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7381aa8.9e4: Registered Dll notification callback with NTDLL.
7391aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\kernel32.dll)
7401aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\kernel32.dll
7411aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
7421aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7431aa8.9e4: supR3HardenedDllNotificationCallback: load 0000000077900000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
7441aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7451aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefdcf0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
7461aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\KernelBase.dll)
7471aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
7481aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077900000 'C:\Windows\system32\kernel32.dll'
7491aa8.9e4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b4c340 pvNtTerminateThread=0000000077b717e0
75018bc.b98: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
7511aa8.9e4: \SystemRoot\System32\ntdll.dll:
7521aa8.9e4: CreationTime: 2014-05-23T06:41:42.620493300Z
7531aa8.9e4: LastWriteTime: 2013-08-02T02:15:44.087554100Z
7541aa8.9e4: ChangeTime: 2015-02-04T10:36:41.664747900Z
7551aa8.9e4: FileAttributes: 0x20
7561aa8.9e4: Size: 0x1a6dc0
7571aa8.9e4: NT Headers: 0xe0
7581aa8.9e4: Timestamp: 0x51fb164a
7591aa8.9e4: Machine: 0x8664 - amd64
7601aa8.9e4: Timestamp: 0x51fb164a
7611aa8.9e4: Image Version: 6.1
7621aa8.9e4: SizeOfImage: 0x1a9000 (1740800)
7631aa8.9e4: Resource Dir: 0x151000 LB 0x560d8
7641aa8.9e4: ProductName: Microsoft® Windows® Operating System
7651aa8.9e4: ProductVersion: 6.1.7601.18229
7661aa8.9e4: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
7671aa8.9e4: FileDescription: NT Layer DLL
7681aa8.9e4: \SystemRoot\System32\kernel32.dll:
7691aa8.9e4: CreationTime: 2014-05-23T06:21:23.001735100Z
7701aa8.9e4: LastWriteTime: 2014-03-04T09:44:00.336000000Z
7711aa8.9e4: ChangeTime: 2014-05-27T23:56:26.055197200Z
7721aa8.9e4: FileAttributes: 0x20
7731aa8.9e4: Size: 0x11c000
7741aa8.9e4: NT Headers: 0xe8
7751aa8.9e4: Timestamp: 0x5315a059
7761aa8.9e4: Machine: 0x8664 - amd64
7771aa8.9e4: Timestamp: 0x5315a059
7781aa8.9e4: Image Version: 6.1
7791aa8.9e4: SizeOfImage: 0x11f000 (1175552)
7801aa8.9e4: Resource Dir: 0x116000 LB 0x528
7811aa8.9e4: ProductName: Microsoft® Windows® Operating System
7821aa8.9e4: ProductVersion: 6.1.7601.18409
7831aa8.9e4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
7841aa8.9e4: FileDescription: Windows NT BASE API Client DLL
7851aa8.9e4: \SystemRoot\System32\KernelBase.dll:
7861aa8.9e4: CreationTime: 2014-05-23T06:40:40.911963800Z
7871aa8.9e4: LastWriteTime: 2014-03-04T09:44:00.336000000Z
7881aa8.9e4: ChangeTime: 2014-05-27T23:56:31.281206400Z
7891aa8.9e4: FileAttributes: 0x20
7901aa8.9e4: Size: 0x67c00
7911aa8.9e4: NT Headers: 0xe8
7921aa8.9e4: Timestamp: 0x5315a05a
7931aa8.9e4: Machine: 0x8664 - amd64
7941aa8.9e4: Timestamp: 0x5315a05a
7951aa8.9e4: Image Version: 6.1
7961aa8.9e4: SizeOfImage: 0x6c000 (442368)
7971aa8.9e4: Resource Dir: 0x6a000 LB 0x530
7981aa8.9e4: ProductName: Microsoft® Windows® Operating System
7991aa8.9e4: ProductVersion: 6.1.7601.18409
8001aa8.9e4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
8011aa8.9e4: FileDescription: Windows NT BASE API Client DLL
8021aa8.9e4: \SystemRoot\System32\apisetschema.dll:
8031aa8.9e4: CreationTime: 2014-05-23T06:40:37.683779100Z
8041aa8.9e4: LastWriteTime: 2013-08-02T02:12:20.275000000Z
8051aa8.9e4: ChangeTime: 2014-05-27T23:56:31.140806100Z
8061aa8.9e4: FileAttributes: 0x20
8071aa8.9e4: Size: 0x1a00
8081aa8.9e4: NT Headers: 0xc0
8091aa8.9e4: Timestamp: 0x51fb15ca
8101aa8.9e4: Machine: 0x8664 - amd64
8111aa8.9e4: Timestamp: 0x51fb15ca
8121aa8.9e4: Image Version: 6.1
8131aa8.9e4: SizeOfImage: 0x50000 (327680)
8141aa8.9e4: Resource Dir: 0x30000 LB 0x3f8
8151aa8.9e4: ProductName: Microsoft® Windows® Operating System
8161aa8.9e4: ProductVersion: 6.1.7601.18229
8171aa8.9e4: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
8181aa8.9e4: FileDescription: ApiSet Schema DLL
8191aa8.9e4: Found driver aswVmm (0x4)
8201aa8.9e4: Found driver aswHwid (0x4)
8211aa8.9e4: Found driver aswStm (0x4)
8221aa8.9e4: Found driver aswRvrt (0x4)
8231aa8.9e4: supR3HardenedWinFindAdversaries: 0x84
8241aa8.9e4: \SystemRoot\System32\drivers\aswHwid.sys:
8251aa8.9e4: CreationTime: 2014-04-25T01:18:00.759391200Z
8261aa8.9e4: LastWriteTime: 2015-02-01T10:15:18.642163900Z
8271aa8.9e4: ChangeTime: 2015-02-01T10:18:25.926876000Z
8281aa8.9e4: FileAttributes: 0x20
8291aa8.9e4: Size: 0x7218
8301aa8.9e4: NT Headers: 0xe8
8311aa8.9e4: Timestamp: 0x545b6fa5
8321aa8.9e4: Machine: 0x8664 - amd64
8331aa8.9e4: Timestamp: 0x545b6fa5
8341aa8.9e4: Image Version: 6.0
8351aa8.9e4: SizeOfImage: 0xa000 (40960)
8361aa8.9e4: Resource Dir: 0x8000 LB 0x460
8371aa8.9e4: ProductName: Avast Antivirus
8381aa8.9e4: ProductVersion: 10.0.2208.712
8391aa8.9e4: FileVersion: 10.0.2208.712
8401aa8.9e4: SpecialBuild: feb2012
8411aa8.9e4: PrivateBuild: 0SpecialBuild
8421aa8.9e4: FileDescription: avast! HWID
8431aa8.9e4: \SystemRoot\System32\drivers\aswMonFlt.sys:
8441aa8.9e4: CreationTime: 2014-04-24T00:22:07.562996200Z
8451aa8.9e4: LastWriteTime: 2015-02-01T10:15:18.778171700Z
8461aa8.9e4: ChangeTime: 2015-02-01T10:18:25.927876100Z
8471aa8.9e4: FileAttributes: 0x20
8481aa8.9e4: Size: 0x14550
8491aa8.9e4: NT Headers: 0xe8
8501aa8.9e4: Timestamp: 0x545b6f33
8511aa8.9e4: Machine: 0x8664 - amd64
8521aa8.9e4: Timestamp: 0x545b6f33
8531aa8.9e4: Image Version: 6.0
8541aa8.9e4: SizeOfImage: 0x22000 (139264)
8551aa8.9e4: Resource Dir: 0x20000 LB 0x3b8
8561aa8.9e4: ProductName: Avast Antivirus
8571aa8.9e4: ProductVersion: 10.0.2208.712
8581aa8.9e4: FileVersion: 10.0.2208.712
8591aa8.9e4: FileDescription: avast! File System Minifilter for Windows 2003/Vista
8601aa8.9e4: \SystemRoot\System32\drivers\aswRdr2.sys:
8611aa8.9e4: CreationTime: 2014-04-24T00:22:07.781396600Z
8621aa8.9e4: LastWriteTime: 2015-02-01T10:15:17.639106600Z
8631aa8.9e4: ChangeTime: 2015-02-01T10:18:25.927876100Z
8641aa8.9e4: FileAttributes: 0x20
8651aa8.9e4: Size: 0x16d80
8661aa8.9e4: NT Headers: 0xf0
8671aa8.9e4: Timestamp: 0x545b6f6a
8681aa8.9e4: Machine: 0x8664 - amd64
8691aa8.9e4: Timestamp: 0x545b6f6a
8701aa8.9e4: Image Version: 6.1
8711aa8.9e4: SizeOfImage: 0x1a000 (106496)
8721aa8.9e4: Resource Dir: 0x18000 LB 0x3a0
8731aa8.9e4: ProductName: Avast Antivirus
8741aa8.9e4: ProductVersion: 10.0.2208.712
8751aa8.9e4: FileVersion: 10.0.2208.712 built by: WinDDK
8761aa8.9e4: FileDescription: avast! WFP Redirect Driver
8771aa8.9e4: \SystemRoot\System32\drivers\aswRvrt.sys:
8781aa8.9e4: CreationTime: 2014-04-24T00:22:07.656596300Z
8791aa8.9e4: LastWriteTime: 2015-02-01T10:15:18.898178600Z
8801aa8.9e4: ChangeTime: 2015-02-01T10:18:25.928876100Z
8811aa8.9e4: FileAttributes: 0x20
8821aa8.9e4: Size: 0x100f0
8831aa8.9e4: NT Headers: 0xf8
8841aa8.9e4: Timestamp: 0x545b6f42
8851aa8.9e4: Machine: 0x8664 - amd64
8861aa8.9e4: Timestamp: 0x545b6f42
8871aa8.9e4: Image Version: 6.0
8881aa8.9e4: SizeOfImage: 0x13000 (77824)
8891aa8.9e4: Resource Dir: 0x11000 LB 0x468
8901aa8.9e4: ProductName: Avast Antivirus
8911aa8.9e4: ProductVersion: 10.0.2208.712
8921aa8.9e4: FileVersion: 10.0.2208.712
8931aa8.9e4: SpecialBuild: feb2012
8941aa8.9e4: PrivateBuild: 0SpecialBuild
8951aa8.9e4: FileDescription: avast! Revert
8961aa8.9e4: \SystemRoot\System32\drivers\aswSnx.sys:
8971aa8.9e4: CreationTime: 2014-04-24T00:22:07.718996400Z
8981aa8.9e4: LastWriteTime: 2015-02-01T10:19:33.325731000Z
8991aa8.9e4: ChangeTime: 2015-02-01T10:19:33.325731000Z
9001aa8.9e4: FileAttributes: 0x20
9011aa8.9e4: Size: 0x100740
9021aa8.9e4: NT Headers: 0xf0
9031aa8.9e4: Timestamp: 0x546f1f38
9041aa8.9e4: Machine: 0x8664 - amd64
9051aa8.9e4: Timestamp: 0x546f1f38
9061aa8.9e4: Image Version: 6.0
9071aa8.9e4: SizeOfImage: 0x104000 (1064960)
9081aa8.9e4: Resource Dir: 0xfc000 LB 0x380
9091aa8.9e4: ProductName: Avast Antivirus
9101aa8.9e4: ProductVersion: 10.0.2208.722
9111aa8.9e4: FileVersion: 10.0.2208.722
9121aa8.9e4: FileDescription: avast! Virtualization Driver
9131aa8.9e4: \SystemRoot\System32\drivers\aswsp.sys:
9141aa8.9e4: CreationTime: 2014-04-24T00:22:07.812596600Z
9151aa8.9e4: LastWriteTime: 2015-02-01T10:15:19.023185700Z
9161aa8.9e4: ChangeTime: 2015-02-01T10:18:25.928876100Z
9171aa8.9e4: FileAttributes: 0x20
9181aa8.9e4: Size: 0x6a990
9191aa8.9e4: NT Headers: 0x100
9201aa8.9e4: Timestamp: 0x545b7323
9211aa8.9e4: Machine: 0x8664 - amd64
9221aa8.9e4: Timestamp: 0x545b7323
9231aa8.9e4: Image Version: 6.0
9241aa8.9e4: SizeOfImage: 0x71000 (462848)
9251aa8.9e4: Resource Dir: 0x6f000 LB 0x378
9261aa8.9e4: ProductName: Avast Antivirus
9271aa8.9e4: ProductVersion: 10.0.2208.712
9281aa8.9e4: FileVersion: 10.0.2208.712
9291aa8.9e4: FileDescription: avast! self protection module
9301aa8.9e4: \SystemRoot\System32\drivers\aswStm.sys:
9311aa8.9e4: CreationTime: 2014-04-25T01:18:00.884191400Z
9321aa8.9e4: LastWriteTime: 2015-02-01T10:15:19.346204200Z
9331aa8.9e4: ChangeTime: 2015-02-01T10:18:25.929876200Z
9341aa8.9e4: FileAttributes: 0x20
9351aa8.9e4: Size: 0x1c7f8
9361aa8.9e4: NT Headers: 0x110
9371aa8.9e4: Timestamp: 0x545b7364
9381aa8.9e4: Machine: 0x8664 - amd64
9391aa8.9e4: Timestamp: 0x545b7364
9401aa8.9e4: Image Version: 6.2
9411aa8.9e4: SizeOfImage: 0x1f000 (126976)
9421aa8.9e4: Resource Dir: 0x1d000 LB 0x358
9431aa8.9e4: ProductName: Avast Antivirus
9441aa8.9e4: ProductVersion: 10.0.2208.712
9451aa8.9e4: FileVersion: 10.0.2208.712
9461aa8.9e4: FileDescription: Stream Filter
9471aa8.9e4: \SystemRoot\System32\drivers\aswVmm.sys:
9481aa8.9e4: CreationTime: 2014-04-24T00:22:07.703396400Z
9491aa8.9e4: LastWriteTime: 2015-02-01T10:15:19.138192300Z
9501aa8.9e4: ChangeTime: 2015-02-01T10:18:25.929876200Z
9511aa8.9e4: FileAttributes: 0x20
9521aa8.9e4: Size: 0x41570
9531aa8.9e4: NT Headers: 0xf0
9541aa8.9e4: Timestamp: 0x545b6f4b
9551aa8.9e4: Machine: 0x8664 - amd64
9561aa8.9e4: Timestamp: 0x545b6f4b
9571aa8.9e4: Image Version: 6.0
9581aa8.9e4: SizeOfImage: 0x43000 (274432)
9591aa8.9e4: Resource Dir: 0x40000 LB 0x470
9601aa8.9e4: ProductName: Avast Antivirus
9611aa8.9e4: ProductVersion: 10.0.2208.712
9621aa8.9e4: FileVersion: 10.0.2208.712
9631aa8.9e4: SpecialBuild: feb2012
9641aa8.9e4: PrivateBuild: 0SpecialBuild
9651aa8.9e4: FileDescription: avast! VM Monitor
9661aa8.9e4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
9671aa8.9e4: CreationTime: 2014-11-24T11:08:45.488299600Z
9681aa8.9e4: LastWriteTime: 2015-01-05T01:45:12.780628000Z
9691aa8.9e4: ChangeTime: 2015-01-05T01:45:12.780628000Z
9701aa8.9e4: FileAttributes: 0x20
9711aa8.9e4: Size: 0x1fad8
9721aa8.9e4: NT Headers: 0xd8
9731aa8.9e4: Timestamp: 0x541caaaf
9741aa8.9e4: Machine: 0x8664 - amd64
9751aa8.9e4: Timestamp: 0x541caaaf
9761aa8.9e4: Image Version: 6.1
9771aa8.9e4: SizeOfImage: 0x23000 (143360)
9781aa8.9e4: Resource Dir: 0x22000 LB 0x3f0
9791aa8.9e4: ProductName: Malwarebytes Anti-Malware
9801aa8.9e4: ProductVersion: 0.2.13.0
9811aa8.9e4: FileVersion: 0.2.13.0
9821aa8.9e4: FileDescription: Malwarebytes Anti-Malware
9831aa8.9e4: \SystemRoot\System32\drivers\mwac.sys:
9841aa8.9e4: CreationTime: 2014-11-24T11:08:27.678274700Z
9851aa8.9e4: LastWriteTime: 2014-11-21T05:14:22.000000000Z
9861aa8.9e4: ChangeTime: 2014-12-02T18:47:48.758649300Z
9871aa8.9e4: FileAttributes: 0x20
9881aa8.9e4: Size: 0xf8d8
9891aa8.9e4: NT Headers: 0xf8
9901aa8.9e4: Timestamp: 0x53a0f42a
9911aa8.9e4: Machine: 0x8664 - amd64
9921aa8.9e4: Timestamp: 0x53a0f42a
9931aa8.9e4: Image Version: 6.2
9941aa8.9e4: SizeOfImage: 0x12000 (73728)
9951aa8.9e4: Resource Dir: 0x10000 LB 0x3e0
9961aa8.9e4: ProductName: Malwarebytes Web Access Control
9971aa8.9e4: ProductVersion: 1.0.6.0
9981aa8.9e4: FileVersion: 1.0.6.0
9991aa8.9e4: FileDescription: Malwarebytes Web Access Control
10001aa8.9e4: \SystemRoot\System32\drivers\mbamchameleon.sys:
10011aa8.9e4: CreationTime: 2014-11-24T11:08:27.708274700Z
10021aa8.9e4: LastWriteTime: 2014-11-21T05:14:12.000000000Z
10031aa8.9e4: ChangeTime: 2014-12-02T18:47:48.836649500Z
10041aa8.9e4: FileAttributes: 0x20
10051aa8.9e4: Size: 0x16cd8
10061aa8.9e4: NT Headers: 0xe0
10071aa8.9e4: Timestamp: 0x53f2136a
10081aa8.9e4: Machine: 0x8664 - amd64
10091aa8.9e4: Timestamp: 0x53f2136a
10101aa8.9e4: Image Version: 6.1
10111aa8.9e4: SizeOfImage: 0x1a000 (106496)
10121aa8.9e4: Resource Dir: 0x18000 LB 0xbd0
10131aa8.9e4: ProductName: Malwarebytes Chameleon
10141aa8.9e4: ProductVersion: 1.1.4.0
10151aa8.9e4: FileVersion: 1.1.4.0
10161aa8.9e4: FileDescription: Malwarebytes Chameleon Protection Driver
10171aa8.9e4: \SystemRoot\System32\drivers\mbam.sys:
10181aa8.9e4: CreationTime: 2014-11-24T11:08:27.658274600Z
10191aa8.9e4: LastWriteTime: 2014-11-21T05:14:08.000000000Z
10201aa8.9e4: ChangeTime: 2014-12-02T18:47:48.727449300Z
10211aa8.9e4: FileAttributes: 0x20
10221aa8.9e4: Size: 0x64d8
10231aa8.9e4: NT Headers: 0xd8
10241aa8.9e4: Timestamp: 0x540754e1
10251aa8.9e4: Machine: 0x8664 - amd64
10261aa8.9e4: Timestamp: 0x540754e1
10271aa8.9e4: Image Version: 6.1
10281aa8.9e4: SizeOfImage: 0xa000 (40960)
10291aa8.9e4: Resource Dir: 0x8000 LB 0x3d0
10301aa8.9e4: ProductName: Malwarebytes Anti-Malware
10311aa8.9e4: ProductVersion: 0.1.15.0
10321aa8.9e4: FileVersion: 0.1.15.0
10331aa8.9e4: FileDescription: Malwarebytes Anti-Malware
10341aa8.9e4: Calling main()
10351aa8.9e4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
10361aa8.9e4: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
10371aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe)
10381aa8.9e4: SUPR3HardenedMain: Final process, opening VBoxDrv...
10391aa8.9e4: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002e0000 LB 0x400000)
10401aa8.9e4: supR3HardNtEnableThreadCreation:
10411aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
10421aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
10431aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d46f0:C:\Windows\system32 [calling]
10441aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10451aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefc4e0000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
10461aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10471aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10481aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
10491aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10501aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10511aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
10521aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10531aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10541aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10551aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
10561aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
10571aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
10581aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\wintrust.dll)
10591aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\wintrust.dll
10601aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10611aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10621aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll)
10631aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
10641aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10651aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume6\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10661aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\msasn1.dll)
10671aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msasn1.dll
10681aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10691aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume6\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10701aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10711aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
10721aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\crypt32.dll)
10731aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\crypt32.dll
10741aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10751aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10761aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\msvcrt.dll)
10771aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
10781aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10791aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume6\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10801aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10811aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10821aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10831aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10841aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d46f0:C:\Windows\system32 [calling]
10851aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10861aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefde00000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
10871aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10881aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe020000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
10891aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10901aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefdb80000 LB 0x0016c000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
10911aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10921aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefdb10000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
10931aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10941aa8.9e4: supR3HardenedDllNotificationCallback: load 000007feffcb0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
10951aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10961aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\Wintrust.dll'
10971aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\cryptsp.dll)
10981aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\cryptsp.dll
10991aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11001aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11011aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefd3c0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
11021aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11031aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3c0000 'C:\Windows\system32\CRYPTSP.dll'
11041aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11051aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\rsaenh.dll)
11061aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\rsaenh.dll
11071aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11081aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11091aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11101aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11111aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11121aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefd000000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
11131aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11141aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd000000 'C:\Windows\system32\rsaenh.dll'
11151aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11161aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
11171aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\advapi32.dll)
11181aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\advapi32.dll
11191aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11201aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11211aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11221aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11231aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11241aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11251aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11261aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11271aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe350000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
11281aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11291aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
11301aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
11311aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\sechost.dll)
11321aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\sechost.dll
11331aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe790000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
11341aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\sechost.dll [lacks WinVerifyTrust]
11351aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe350000 'C:\Windows\system32\ADVAPI32.dll'
11361aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\cryptbase.dll)
11371aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\cryptbase.dll
11381aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11391aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11401aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11411aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11421aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11431aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11441aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11451aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11461aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefd960000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
11471aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11481aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd960000 'C:\Windows\system32\CRYPTBASE.dll'
11491aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
11501aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11511aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077900000 'C:\Windows\system32\kernel32.dll'
11521aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11531aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11541aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\WINTRUST.DLL'
11551aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11561aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11571aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb80000 'C:\Windows\system32\CRYPT32.dll'
11581aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11591aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
11601aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\imagehlp.dll)
11611aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\imagehlp.dll
11621aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11631aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11641aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11651aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11661aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11671aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11681aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11691aa8.9e4: supR3HardenedDllNotificationCallback: load 000007feffc30000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
11701aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
11711aa8.9e4: supR3HardenedWinReInstallHooks: Reinstalling NtCreateSection (0000000077b71750: e9 bb eb 54 88 3f 01 00 00 00 ff e0 1f 44 00 00).
11721aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc30000 'C:\Windows\system32\imagehlp.dll'
11731aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11741aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
11751aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3c0000 'C:\Windows\system32\CRYPTSP.dll'
11761aa8.9e4: \Device\HarddiskVolume6\Windows\System32\user32.dll: Owner is administrators group.
11771aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11781aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\user32.dll)
11791aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\user32.dll
11801aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11811aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11821aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
11831aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
11841aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\gdi32.dll)
11851aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\gdi32.dll
11861aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
11871aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume6\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
11881aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
11891aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
11901aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
11911aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\lpk.dll)
11921aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\lpk.dll
11931aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11941aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11951aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
11961aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
11971aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume6\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
11981aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11991aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12001aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
12011aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\usp10.dll)
12021aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\usp10.dll
12031aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12041aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12051aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
12061aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12071aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12081aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12091aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12101aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12111aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12121aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12131aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12141aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
12151aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12161aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12171aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12181aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
12191aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
12201aa8.9e4: supR3HardenedDllNotificationCallback: load 0000000077a20000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
12211aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
12221aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe0c0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
12231aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12241aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe840000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
12251aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\lpk.dll [lacks WinVerifyTrust]
12261aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe6c0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
12271aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\usp10.dll [lacks WinVerifyTrust]
12281aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12291aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
12301aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0c0000 'C:\Windows\system32\gdi32.dll'
12311aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
12321aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
12331aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
12341aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\imm32.dll)
12351aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\imm32.dll
12361aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
12371aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume6\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
12381aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12391aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
12401aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
12411aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
12421aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\msctf.dll)
12431aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msctf.dll
12441aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12451aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12461aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12471aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12481aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12491aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
12501aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
12511aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume6\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
12521aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\imm32.dll [lacks WinVerifyTrust]
12531aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12541aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12551aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12561aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12571aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12581aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
12591aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12601aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12611aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12621aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
12631aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\imm32.dll [lacks WinVerifyTrust]
12641aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe430000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
12651aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\imm32.dll [lacks WinVerifyTrust]
12661aa8.9e4: supR3HardenedDllNotificationCallback: load 000007feffaa0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
12671aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msctf.dll [lacks WinVerifyTrust]
12681aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe430000 'C:\Windows\system32\IMM32.DLL'
12691aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a20000 'C:\Windows\system32\USER32.dll'
12701aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
12711aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12721aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
12731aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\ncrypt.dll)
12741aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ncrypt.dll
12751aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
12761aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume6\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
12771aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
12781aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12791aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12801aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12811aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12821aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume6\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12831aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\bcrypt.dll)
12841aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\bcrypt.dll
12851aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
12861aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
12871aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefd570000 LB 0x0004d000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
12881aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
12891aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12901aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefd540000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
12911aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12921aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ncrypt.dll'
12931aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
12941aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
12951aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll)
12961aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll
12971aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12981aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume6\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12991aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13001aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13011aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13021aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13031aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13041aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
13051aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefcf40000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
13061aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
13071aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\bcryptprimitives.dll'
13081aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13091aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13101aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\bcrypt.dll'
13111aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13121aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13131aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
13141aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\userenv.dll)
13151aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\userenv.dll
13161aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
13171aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
13181aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13191aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\profapi.dll)
13201aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\profapi.dll
13211aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13221aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13231aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13241aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13251aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13261aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13271aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13281aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13291aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13301aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13311aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\userenv.dll [lacks WinVerifyTrust]
13321aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefcdc0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
13331aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\userenv.dll [lacks WinVerifyTrust]
13341aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\profapi.dll [lacks WinVerifyTrust]
13351aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefda70000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
13361aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\profapi.dll [lacks WinVerifyTrust]
13371aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdc0000 'C:\Windows\system32\USERENV.dll'
13381aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13391aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13401aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13411aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13421aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13431aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
13441aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\gpapi.dll)
13451aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\gpapi.dll
13461aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13471aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13481aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13491aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13501aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13511aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13521aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13531aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
13541aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefcda0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
13551aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
13561aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcda0000 'C:\Windows\system32\GPAPI.dll'
13571aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13581aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-WIN-Service-Management-L1-1-0.dll'
13591aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13601aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13611aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffcb0000 'C:\Windows\system32\rpcrt4.dll'
13621aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13631aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-WIN-Service-Management-L2-1-0.dll'
13641aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13651aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13661aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13671aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
13681aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
13691aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
13701aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\cryptnet.dll)
13711aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\cryptnet.dll
13721aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
13731aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume6\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
13741aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13751aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\Wldap32.dll)
13761aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\Wldap32.dll
13771aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
13781aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume6\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
13791aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13801aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13811aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13821aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13831aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13841aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13851aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13861aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13871aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13881aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13891aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13901aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13911aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fef3820000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
13921aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13931aa8.9e4: supR3HardenedDllNotificationCallback: load 000007feffc50000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
13941aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
13951aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13961aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
13971aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
13981aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13991aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14001aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14011aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14021aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14031aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14041aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14051aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14061aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14071aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14081aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14091aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14101aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14111aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14121aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14131aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14141aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14151aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14161aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14171aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14181aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14191aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14201aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14211aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14221aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14231aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14241aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14251aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3820000 'C:\Windows\system32\cryptnet.dll'
14261aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14271aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
14281aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\profapi.dll [lacks WinVerifyTrust]
14291aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14301aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\profapi.dll'
14311aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14321aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14331aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
14341aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\shlwapi.dll)
14351aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\shlwapi.dll
14361aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14371aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14381aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14391aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14401aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14411aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
14421aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14431aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14441aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14451aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14461aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
14471aa8.9e4: supR3HardenedDllNotificationCallback: load 000007feffbb0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
14481aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
14491aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffbb0000 'C:\Windows\system32\SHLWAPI.dll'
14501aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
14511aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008460b0
14521aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
14531aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7A941C4A11C30FC248F9D3F7A1AE8206850480CE
14541aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14551aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
14561aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14571aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-WIN-Service-Management-L1-1-0.dll'
14581aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14591aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
14601aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
14611aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14621aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe350000 'C:\Windows\system32\ADVAPI32.dll'
14631aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14641aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
14651aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
14661aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
14671aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2872339~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
14681aa8.9e4: g_pfnWinVerifyTrust=000007fefde01010
14691aa8.9e4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
14701aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume6\Windows\System32\crypt32.dll
14711aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
14721aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
14731aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF258E1DA85AD69891395F6F7501E1D54F2DFED8
14741aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB2868626~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume6\Windows\System32\crypt32.dll'
14751aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14761aa8.9e4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\crypt32.dll'
14771aa8.9e4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
14781aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume6\Windows\System32\wintrust.dll
14791aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
14801aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
14811aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
14821aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume6\Windows\System32\wintrust.dll'
14831aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14841aa8.9e4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\wintrust.dll'
14851aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c0 pwszName=\Device\HarddiskVolume6\Windows\System32\shlwapi.dll
14861aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
14871aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
14881aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
14891aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'
14901aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14911aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'
14921aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume6\Windows\System32\Wldap32.dll
14931aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
14941aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
14951aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
14961aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\Wldap32.dll'
14971aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14981aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\Wldap32.dll'
14991aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume6\Windows\System32\cryptnet.dll
15001aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15011aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15021aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
15031aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume6\Windows\System32\cryptnet.dll'
15041aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15051aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\cryptnet.dll'
15061aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume6\Windows\System32\gpapi.dll
15071aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15081aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15091aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
15101aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\gpapi.dll'
15111aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15121aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\gpapi.dll'
15131aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume6\Windows\System32\profapi.dll
15141aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15151aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15161aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
15171aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\profapi.dll'
15181aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15191aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\profapi.dll'
15201aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume6\Windows\System32\userenv.dll
15211aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15221aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15231aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
15241aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\userenv.dll'
15251aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15261aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\userenv.dll'
15271aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll'
15281aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume6\Windows\System32\bcrypt.dll
15291aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15301aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15311aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
15321aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\bcrypt.dll'
15331aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15341aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\bcrypt.dll'
15351aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume6\Windows\System32\ncrypt.dll
15361aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15371aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15381aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AAB2251E23910860D2DAA4D49B0B839A29B56621
15391aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume6\Windows\System32\ncrypt.dll'
15401aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15411aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\ncrypt.dll'
15421aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume6\Windows\System32\msctf.dll
15431aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15441aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15451aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
15461aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\msctf.dll'
15471aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15481aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\msctf.dll'
15491aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume6\Windows\System32\imm32.dll
15501aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15511aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15521aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
15531aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\imm32.dll'
15541aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15551aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\imm32.dll'
15561aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume6\Windows\System32\usp10.dll
15571aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15581aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15591aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1
15601aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\usp10.dll'
15611aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15621aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\usp10.dll'
15631aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume6\Windows\System32\lpk.dll
15641aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15651aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15661aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
15671aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume6\Windows\System32\lpk.dll'
15681aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15691aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\lpk.dll'
15701aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume6\Windows\System32\gdi32.dll
15711aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15721aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15731aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B3AA461D69745EDE2C3FADA9D3727DE1798B436
15741aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2876331~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume6\Windows\System32\gdi32.dll'
15751aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15761aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'
15771aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume6\Windows\System32\user32.dll
15781aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15791aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15801aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7DC496F06553DAC9BBB7B106A5859A9B7459010
15811aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
15821aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008460b0
15831aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15841aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7DC496F06553DAC9BBB7B106A5859A9B7459010
15851aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
15861aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
15871aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\user32.dll'
15881aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume6\Windows\System32\imagehlp.dll
15891aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15901aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15911aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
15921aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume6\Windows\System32\imagehlp.dll'
15931aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15941aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\imagehlp.dll'
15951aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume6\Windows\System32\cryptbase.dll
15961aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
15971aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
15981aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
15991aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\cryptbase.dll'
16001aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16011aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\cryptbase.dll'
16021aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume6\Windows\System32\sechost.dll
16031aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
16041aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
16051aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
16061aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\sechost.dll'
16071aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16081aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\sechost.dll'
16091aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume6\Windows\System32\advapi32.dll
16101aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
16111aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
16121aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
16131aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\advapi32.dll'
16141aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16151aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\advapi32.dll'
16161aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\rsaenh.dll'
16171aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume6\Windows\System32\cryptsp.dll
16181aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
16191aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
16201aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
16211aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\cryptsp.dll'
16221aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16231aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\cryptsp.dll'
16241aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume6\Windows\System32\msvcrt.dll
16251aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
16261aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
16271aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
16281aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume6\Windows\System32\msvcrt.dll'
16291aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16301aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll'
16311aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume6\Windows\System32\msasn1.dll
16321aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
16331aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
16341aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
16351aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\msasn1.dll'
16361aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16371aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\msasn1.dll'
16381aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
16391aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
16401aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
16411aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763126EEC8673BD48C2CBC33CECBFBCE1E63524A
16421aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2849470~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll'
16431aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16441aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll'
16451aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
16461aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume6\Windows\System32\KernelBase.dll
16471aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
16481aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
16491aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
16501aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume6\Windows\System32\KernelBase.dll'
16511aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16521aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\KernelBase.dll'
16531aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume6\Windows\System32\kernel32.dll
16541aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
16551aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
16561aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
16571aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume6\Windows\System32\kernel32.dll'
16581aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16591aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\kernel32.dll'
16601aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll
16611aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008cdf00:C:\Windows\system32 [calling]
16621aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb80000 'C:\Windows\system32\crypt32.dll'
16631aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
16641aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
16651aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
16661aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
16671aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
16681aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x9c304d3edf4cda00 OU=generated by avast! antivirus for SSL/TLS scanning, O=avast! Web/Mail Shield, CN=avast! Web/Mail Shield Root
16691aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
16701aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
16711aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
16721aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
16731aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
16741aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
16751aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
16761aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
16771aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
16781aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
16791aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
16801aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
16811aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
16821aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
16831aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
16841aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
16851aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
16861aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
16871aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
16881aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
16891aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
16901aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
16911aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
16921aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
16931aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
16941aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
16951aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
16961aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
16971aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
16981aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
16991aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
17001aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
17011aa8.9e4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
17021aa8.9e4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=39
17031aa8.9e4: SUPR3HardenedMain: Load Runtime...
17041aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17051aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17061aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
17071aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
17081aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
17091aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17101aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17111aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17121aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
17131aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17141aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17151aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e8 pwszName=\Device\HarddiskVolume6\Windows\System32\ws2_32.dll
17161aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
17171aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
17181aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
17191aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\ws2_32.dll'
17201aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17211aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17221aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
17231aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
17241aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ws2_32.dll)WinVerifyTrust
17251aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
17261aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17271aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17281aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17291aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
17301aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
17311aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17321aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17331aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
17341aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
17351aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17361aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17371aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
17381aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
17391aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume6\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
17401aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume6\Windows\System32\nsi.dll
17411aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
17421aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
17431aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
17441aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\nsi.dll'
17451aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17461aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\nsi.dll)WinVerifyTrust
17471aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\nsi.dll
17481aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17491aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17501aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
17511aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17521aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17531aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
17541aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
17551aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17561aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fef6b80000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
17571aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17581aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
17591aa8.9e4: supR3HardenedDllNotificationCallback: load 00000000750c0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
17601aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
17611aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
17621aa8.9e4: supR3HardenedDllNotificationCallback: load 0000000075020000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
17631aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
17641aa8.9e4: supR3HardenedDllNotificationCallback: load 000007feffde0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
17651aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
17661aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe7b0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
17671aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\nsi.dll
17681aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17691aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
17701aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17711aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17721aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
17731aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17741aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17751aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
17761aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17771aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17781aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
17791aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17801aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17811aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
17821aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17831aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17841aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
17851aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17861aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17871aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17881aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17891aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17901aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17911aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17921aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17931aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
17941aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
17951aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17961aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17971aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17981aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17991aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18001aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18011aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18021aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18031aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18041aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18051aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18061aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18071aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18081aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18091aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18101aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18111aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
18121aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d4ff0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Microsoft Network Monitor 3\ [calling]
18131aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18141aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18151aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18161aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b80000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18171aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll
18181aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ad140:C:\Windows\system32 [calling]
18191aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\Wintrust.dll'
18201aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll
18211aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ad140:C:\Windows\system32 [calling]
18221aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb80000 'C:\Windows\system32\crypt32.dll'
18231aa8.9e4: SUPR3HardenedMain: Load TrustedMain...
18241aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
18251aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18261aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
18271aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
18281aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
18291aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
18301aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
18311aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
18321aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
18331aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
18341aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
18351aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
18361aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
18371aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
18381aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
18391aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
18401aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
18411aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.dll
18421aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18431aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume6\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18441aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume6\Windows\System32\winmm.dll
18451aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
18461aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
18471aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
18481aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\winmm.dll'
18491aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18501aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
18511aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18521aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\winmm.dll)WinVerifyTrust
18531aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\winmm.dll
18541aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
18551aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume6\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
18561aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume6\Windows\System32\comdlg32.dll
18571aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
18581aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
18591aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
18601aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\comdlg32.dll'
18611aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18621aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18631aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
18641aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18651aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
18661aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
18671aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
18681aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\comdlg32.dll)WinVerifyTrust
18691aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\comdlg32.dll
18701aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18711aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18721aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume6\Windows\System32\oleaut32.dll
18731aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
18741aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
18751aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD
18761aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume6\Windows\System32\oleaut32.dll'
18771aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18781aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
18791aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
18801aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18811aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
18821aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
18831aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\oleaut32.dll)WinVerifyTrust
18841aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
18851aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18861aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18871aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume6\Windows\System32\ole32.dll
18881aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
18891aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
18901aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
18911aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\ole32.dll'
18921aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18931aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18941aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
18951aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
18961aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
18971aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ole32.dll)WinVerifyTrust
18981aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ole32.dll
18991aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19001aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19011aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume6\Windows\System32\shell32.dll
19021aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
19031aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
19041aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2691B4CA862B8F691AC1CF51D38E621F27CACF6
19051aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2926765~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume6\Windows\System32\shell32.dll'
19061aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19071aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19081aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
19091aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
19101aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
19111aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\shell32.dll)WinVerifyTrust
19121aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\shell32.dll
19131aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19141aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19151aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
19161aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19171aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19181aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll
19191aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19201aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19211aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
19221aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
19231aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
19241aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
19251aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
19261aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
19271aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
19281aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
19291aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
19301aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
19311aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
19321aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
19331aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
19341aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
19351aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
19361aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
19371aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
19381aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
19391aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
19401aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19411aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
19421aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
19431aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
19441aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
19451aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
19461aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
19471aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
19481aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
19491aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
19501aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
19511aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
19521aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
19531aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
19541aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
19551aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19561aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19571aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
19581aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
19591aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
19601aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
19611aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
19621aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
19631aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
19641aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
19651aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19661aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19671aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
19681aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19691aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19701aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
19711aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19721aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19731aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19741aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume6\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19751aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume6\Windows\System32\opengl32.dll
19761aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
19771aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
19781aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
19791aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume6\Windows\System32\opengl32.dll'
19801aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19811aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19821aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
19831aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
19841aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
19851aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
19861aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
19871aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\opengl32.dll)WinVerifyTrust
19881aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\opengl32.dll
19891aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19901aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19911aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
19921aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume6\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
19931aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume6\Windows\System32\ddraw.dll
19941aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
19951aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
19961aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
19971aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume6\Windows\System32\ddraw.dll'
19981aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19991aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20001aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20011aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
20021aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
20031aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
20041aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
20051aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ddraw.dll)WinVerifyTrust
20061aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ddraw.dll
20071aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
20081aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
20091aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume6\Windows\System32\glu32.dll
20101aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
20111aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
20121aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
20131aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume6\Windows\System32\glu32.dll'
20141aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20151aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20161aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
20171aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20181aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\glu32.dll)WinVerifyTrust
20191aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\glu32.dll
20201aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20211aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20221aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20231aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20241aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
20251aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20261aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20271aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20281aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20291aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
20301aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20311aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20321aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
20331aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20341aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20351aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
20361aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20371aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20381aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20391aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20401aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
20411aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20421aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20431aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20441aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20451aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
20461aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20471aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20481aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
20491aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
20501aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
20511aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20521aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20531aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20541aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
20551aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20561aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20571aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20581aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20591aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20601aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20611aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
20621aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
20631aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume6\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
20641aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume6\Windows\System32\winspool.drv
20651aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
20661aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
20671aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
20681aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\winspool.drv'
20691aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20701aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20711aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
20721aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
20731aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\winspool.drv)WinVerifyTrust
20741aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\winspool.drv
20751aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20761aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume6\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
20771aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
20781aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
20791aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume6\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
20801aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\imm32.dll
20811aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20821aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20831aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
20841aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
20851aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume6\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
20861aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\comdlg32.dll
20871aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20881aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20891aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20901aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20911aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
20921aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
20931aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
20941aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20951aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20961aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20971aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
20981aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20991aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21001aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
21011aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
21021aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
21031aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
21041aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
21051aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
21061aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
21071aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21081aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21091aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21101aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21111aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
21121aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume6\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
21131aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\opengl32.dll
21141aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21151aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21161aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21171aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21181aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21191aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21201aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shlwapi.dll
21211aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21221aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21231aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21241aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21251aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21261aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21271aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21281aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21291aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21301aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21311aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21321aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21331aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21341aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21351aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume6\Windows\System32\user32.dll
21361aa8.9e4: Error (rc=0):
21371aa8.9e4: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume6\Windows\System32\user32.dll
21381aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21391aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21401aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21411aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21421aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21431aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21441aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
21451aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21461aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21471aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
21481aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
21491aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume6\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
21501aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume6\Windows\System32\comctl32.dll
21511aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
21521aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
21531aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
21541aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume6\Windows\System32\comctl32.dll'
21551aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21561aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
21571aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
21581aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21591aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\comctl32.dll)WinVerifyTrust
21601aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\comctl32.dll
21611aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21621aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21631aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21641aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21651aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21661aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21671aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shlwapi.dll
21681aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21691aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21701aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21711aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21721aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21731aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21741aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21751aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21761aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21771aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21781aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll
21791aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21801aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21811aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21821aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21831aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21841aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21851aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21861aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21871aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21881aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21891aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
21901aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume6\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
21911aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\opengl32.dll
21921aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21931aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21941aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
21951aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
21961aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume6\Windows\System32\dwmapi.dll
21971aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
21981aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
21991aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
22001aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\dwmapi.dll'
22011aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22021aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22031aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
22041aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22051aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\dwmapi.dll)WinVerifyTrust
22061aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dwmapi.dll
22071aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
22081aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
22091aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume6\Windows\System32\setupapi.dll
22101aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
22111aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
22121aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
22131aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\setupapi.dll'
22141aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22151aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
22161aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
22171aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
22181aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
22191aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
22201aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
22211aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
22221aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\setupapi.dll)WinVerifyTrust
22231aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\setupapi.dll
22241aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22251aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22261aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
22271aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume6\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
22281aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume6\Windows\System32\dciman32.dll
22291aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
22301aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
22311aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
22321aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume6\Windows\System32\dciman32.dll'
22331aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22341aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22351aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
22361aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22371aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\dciman32.dll)WinVerifyTrust
22381aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dciman32.dll
22391aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22401aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22411aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22421aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22431aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22441aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22451aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22461aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22471aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22481aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22491aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
22501aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume6\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
22511aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume6\Windows\System32\devobj.dll
22521aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
22531aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
22541aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
22551aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\devobj.dll'
22561aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22571aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22581aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
22591aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\devobj.dll)WinVerifyTrust
22601aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\devobj.dll
22611aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22621aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22631aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
22641aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22651aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22661aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22671aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22681aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22691aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22701aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22711aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22721aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22731aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22741aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll
22751aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
22761aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
22771aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
22781aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'
22791aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22801aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22811aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
22821aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
22831aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll)WinVerifyTrust
22841aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll
22851aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22861aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22871aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22881aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22891aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22901aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22911aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22921aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22931aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22941aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22951aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22961aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22971aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22981aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22991aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll
23001aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23011aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23021aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23031aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.dll
23041aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fef6300000 LB 0x00873000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
23051aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.dll
23061aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\opengl32.dll
23071aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fef7920000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
23081aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\opengl32.dll
23091aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\glu32.dll
23101aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fef7b10000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
23111aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\glu32.dll
23121aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ddraw.dll
23131aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefb8a0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
23141aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ddraw.dll
23151aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dciman32.dll
23161aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefbb80000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
23171aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dciman32.dll
23181aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefde40000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
23191aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\setupapi.dll
23201aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefdb40000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
23211aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll
23221aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe850000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
23231aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
23241aa8.9e4: supR3HardenedDllNotificationCallback: load 000007feff890000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
23251aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
23261aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefdb20000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
23271aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\devobj.dll
23281aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dwmapi.dll
23291aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefc410000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
23301aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dwmapi.dll
23311aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
23321aa8.9e4: supR3HardenedDllNotificationCallback: load 0000000062750000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
23331aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
23341aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
23351aa8.9e4: supR3HardenedDllNotificationCallback: load 000000005e4d0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
23361aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
23371aa8.9e4: supR3HardenedDllNotificationCallback: load 000007feff7f0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
23381aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\comdlg32.dll
23391aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
23401aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23411aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23421aa8.9e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
23431aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
23441aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefa370000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
23451aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
23461aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefea60000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
23471aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
23481aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
23491aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefb2b0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
23501aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
23511aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winspool.drv
23521aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fef9f30000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
23531aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winspool.drv
23541aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
23551aa8.9e4: supR3HardenedDllNotificationCallback: load 0000000062640000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
23561aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
23571aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
23581aa8.9e4: supR3HardenedDllNotificationCallback: load 0000000074f40000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
23591aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
23601aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
23611aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
23621aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
23631aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
23641aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
23651aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23661aa8.9e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
23671aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\imm32.dll
23681aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23691aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23701aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23711aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23721aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23731aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23741aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23751aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe430000 'C:\Windows\system32\imm32.dll'
23761aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6300000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
23771aa8.9e4: SUPR3HardenedMain: Calling TrustedMain (000007fef6301ca0)...
23781aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
23791aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23801aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2b0000 'C:\Windows\system32\winmm.dll'
23811aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\cryptbase.dll
23821aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23831aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd960000 'C:\Windows\system32\CRYPTBASE.dll'
23841aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
23851aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23861aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\Windows\system32\shell32.dll'
23871aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll
23881aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23891aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077900000 'C:\Windows\system32\kernel32.dll'
23901aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a8 pwszName=\Device\HarddiskVolume6\Windows\System32\uxtheme.dll
23911aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
23921aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
23931aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
23941aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\uxtheme.dll'
23951aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23961aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23971aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23981aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
23991aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\uxtheme.dll)WinVerifyTrust
24001aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
24011aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24021aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24031aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24041aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24051aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24061aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24071aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24081aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
24091aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefc180000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
24101aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
24111aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc180000 'C:\Windows\system32\uxtheme.dll'
24121aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
24131aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24141aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc180000 'C:\Windows\system32\uxtheme.dll'
24151aa8.9e4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll)
24161aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24171aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
24181aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
24191aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24201aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc180000 'C:\Windows\system32\uxtheme.dll'
24211aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe350000 'C:\Windows\system32\advapi32.dll'
24221aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\userenv.dll
24231aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24241aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdc0000 'C:\Windows\system32\userenv.dll'
24251aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll
24261aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24271aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077900000 'C:\Windows\system32\kernel32.dll'
24281aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c0 pwszName=\Device\HarddiskVolume6\Windows\System32\clbcatq.dll
24291aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
24301aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
24311aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
24321aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume6\Windows\System32\clbcatq.dll'
24331aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24341aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24351aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
24361aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24371aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24381aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24391aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
24401aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\clbcatq.dll)WinVerifyTrust
24411aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\clbcatq.dll
24421aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24431aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24441aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24451aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24461aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
24471aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24481aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24491aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24501aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24511aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24521aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24531aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
24541aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24551aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24561aa8.9e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
24571aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24581aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\clbcatq.dll
24591aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefe2b0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
24601aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\clbcatq.dll
24611aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2b0000 'C:\Windows\system32\CLBCatQ.DLL'
24621aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
24631aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878c60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24641aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe350000 'C:\Windows\system32\ADVAPI32.dll'
24651aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\cryptsp.dll
24661aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878c60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24671aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3c0000 'C:\Windows\system32\CRYPTSP.dll'
24681aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume6\Windows\System32\RpcRtRemote.dll
24691aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
24701aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
24711aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
24721aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\RpcRtRemote.dll'
24731aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24741aa8.9e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
24751aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
24761aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\RpcRtRemote.dll
24771aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24781aa8.9e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24791aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878c60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24801aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\RpcRtRemote.dll
24811aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefda10000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
24821aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\RpcRtRemote.dll
24831aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\Windows\system32\RpcRtRemote.dll'
24841aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
24851aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002a40660:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24861aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe850000 'C:\Windows\system32\oleaut32.dll'
24871aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000608 pwszName=\Device\HarddiskVolume6\Windows\System32\sxs.dll
24881aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008460b0
24891aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008460b0
24901aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
24911aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume6\Windows\System32\sxs.dll'
24921aa8.9e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24931aa8.9e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\sxs.dll)WinVerifyTrust
24941aa8.9e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\sxs.dll
24951aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000878d80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24961aa8.9e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\sxs.dll
24971aa8.9e4: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
24981aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\sxs.dll
24991aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\SXS.DLL'
25001aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe350000 'C:\Windows\system32\ADVAPI32.dll'
25011aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
25021aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008793b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25031aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe850000 'C:\Windows\system32\OLEAUT32.dll'
25041aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0c0000 'C:\Windows\system32\gdi32.dll'
25051aa8.1bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25061aa8.1bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25071aa8.1bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25081aa8.1bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25091aa8.1bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
25101aa8.1bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
25111aa8.1bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
25121aa8.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
25131aa8.1bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll
25141aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25151aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25161aa8.1bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
25171aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25181aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25191aa8.1bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
25201aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25211aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25221aa8.1bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
25231aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25241aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25251aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25261aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25271aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25281aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25291aa8.1bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
25301aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25311aa8.1bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25321aa8.1bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5490:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25331aa8.1bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll
25341aa8.1bfc: supR3HardenedDllNotificationCallback: load 000007fef5e00000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
25351aa8.1bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll
25361aa8.1bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e00000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
25371aa8.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25381aa8.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25391aa8.12d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
25401aa8.12d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25411aa8.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25421aa8.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25431aa8.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25441aa8.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25451aa8.12d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000879200:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25461aa8.12d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25471aa8.12d4: supR3HardenedDllNotificationCallback: load 000007fefb0a0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
25481aa8.12d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25491aa8.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
25501aa8.9e4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll)
25511aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faa100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25521aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
25531aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
25541aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000879560:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25551aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\Windows\system32\shell32.dll'
25561aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe350000 'C:\Windows\system32\ADVAPI32.dll'
25571aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
25581aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000879560:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25591aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff890000 'C:\Windows\system32\ole32.dll'
25601aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
25611aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f30010:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25621aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff890000 'C:\Windows\system32\ole32.dll'
25631aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msctf.dll
25641aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002a407c0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25651aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffaa0000 'C:\Windows\system32\MSCTF.dll'
25661aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
25671aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f30010:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25681aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\Windows\system32\shell32.dll'
25691aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
25701aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f30010:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25711aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\Windows\system32\shell32.dll'
25721aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dwmapi.dll
25731aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f30010:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25741aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc410000 'C:\Windows\system32\dwmapi.dll'
25751aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
25761aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f30010:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25771aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc180000 'C:\Windows\system32\uxtheme.dll'
25781aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
25791aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f30010:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25801aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2b0000 'C:\Windows\system32\WINMM.dll'
25811aa8.9e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
25821aa8.9e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f30010:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25831aa8.9e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe850000 'C:\Windows\system32\OLEAUT32.DLL'
25841aa8.1608: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe850000 'C:\Windows\system32\OLEAUT32.dll'
258518bc.b98: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 41429 ms, the end);
25861518.1634: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 42240 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy