VirtualBox

Ticket #13696: VBoxStartup.log

File VBoxStartup.log, 444.5 KB (added by oldium, 10 years ago)

VBoxStartup.log

Line 
121bc.914: Log file opened: 4.3.21r97294 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
221bc.914: \SystemRoot\System32\ntdll.dll:
321bc.914: CreationTime: 2013-10-09T07:42:34.643518900Z
421bc.914: LastWriteTime: 2013-08-29T02:16:35.515578900Z
521bc.914: ChangeTime: 2013-10-10T06:30:51.753434900Z
621bc.914: FileAttributes: 0x20
721bc.914: Size: 0x1a6dc0
821bc.914: NT Headers: 0xe0
921bc.914: Timestamp: 0x521eaf24
1021bc.914: Machine: 0x8664 - amd64
1121bc.914: Timestamp: 0x521eaf24
1221bc.914: Image Version: 6.1
1321bc.914: SizeOfImage: 0x1a9000 (1740800)
1421bc.914: Resource Dir: 0x151000 LB 0x560d8
1521bc.914: ProductName: Microsoft® Windows® Operating System
1621bc.914: ProductVersion: 6.1.7601.18247
1721bc.914: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
1821bc.914: FileDescription: NT Layer DLL
1921bc.914: \SystemRoot\System32\kernel32.dll:
2021bc.914: CreationTime: 2014-04-09T08:43:27.564917800Z
2121bc.914: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2221bc.914: ChangeTime: 2014-04-10T06:52:57.019816500Z
2321bc.914: FileAttributes: 0x20
2421bc.914: Size: 0x11c000
2521bc.914: NT Headers: 0xe8
2621bc.914: Timestamp: 0x5315a059
2721bc.914: Machine: 0x8664 - amd64
2821bc.914: Timestamp: 0x5315a059
2921bc.914: Image Version: 6.1
3021bc.914: SizeOfImage: 0x11f000 (1175552)
3121bc.914: Resource Dir: 0x116000 LB 0x528
3221bc.914: ProductName: Microsoft® Windows® Operating System
3321bc.914: ProductVersion: 6.1.7601.18409
3421bc.914: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3521bc.914: FileDescription: Windows NT BASE API Client DLL
3621bc.914: \SystemRoot\System32\KernelBase.dll:
3721bc.914: CreationTime: 2014-05-14T11:13:24.591000400Z
3821bc.914: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3921bc.914: ChangeTime: 2014-05-15T06:47:40.507779500Z
4021bc.914: FileAttributes: 0x20
4121bc.914: Size: 0x67c00
4221bc.914: NT Headers: 0xe8
4321bc.914: Timestamp: 0x5315a05a
4421bc.914: Machine: 0x8664 - amd64
4521bc.914: Timestamp: 0x5315a05a
4621bc.914: Image Version: 6.1
4721bc.914: SizeOfImage: 0x6c000 (442368)
4821bc.914: Resource Dir: 0x6a000 LB 0x530
4921bc.914: ProductName: Microsoft® Windows® Operating System
5021bc.914: ProductVersion: 6.1.7601.18409
5121bc.914: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
5221bc.914: FileDescription: Windows NT BASE API Client DLL
5321bc.914: \SystemRoot\System32\apisetschema.dll:
5421bc.914: CreationTime: 2013-09-11T06:31:43.576860200Z
5521bc.914: LastWriteTime: 2013-08-02T02:12:20.275000000Z
5621bc.914: ChangeTime: 2013-09-11T12:35:23.876114300Z
5721bc.914: FileAttributes: 0x20
5821bc.914: Size: 0x1a00
5921bc.914: NT Headers: 0xc0
6021bc.914: Timestamp: 0x51fb15ca
6121bc.914: Machine: 0x8664 - amd64
6221bc.914: Timestamp: 0x51fb15ca
6321bc.914: Image Version: 6.1
6421bc.914: SizeOfImage: 0x50000 (327680)
6521bc.914: Resource Dir: 0x30000 LB 0x3f8
6621bc.914: ProductName: Microsoft® Windows® Operating System
6721bc.914: ProductVersion: 6.1.7601.18229
6821bc.914: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
6921bc.914: FileDescription: ApiSet Schema DLL
7021bc.914: Found driver klkbdflt (0x40)
7121bc.914: Found driver KLIM6 (0x40)
7221bc.914: Found driver klmouflt (0x40)
7321bc.914: Found driver kl1 (0x40)
7421bc.914: Found driver klflt (0x40)
7521bc.914: Found driver kneps (0x40)
7621bc.914: Found driver kltdi (0x40)
7721bc.914: supR3HardenedWinFindAdversaries: 0x40
7821bc.914: \SystemRoot\System32\drivers\kl1.sys:
7921bc.914: CreationTime: 2014-03-31T10:47:10.000000000Z
8021bc.914: LastWriteTime: 2014-03-31T10:47:10.000000000Z
8121bc.914: ChangeTime: 2014-11-06T16:36:41.059804000Z
8221bc.914: FileAttributes: 0x20
8321bc.914: Size: 0x72660
8421bc.914: NT Headers: 0xe8
8521bc.914: Timestamp: 0x53391d63
8621bc.914: Machine: 0x8664 - amd64
8721bc.914: Timestamp: 0x53391d63
8821bc.914: Image Version: 0.0
8921bc.914: SizeOfImage: 0x762000 (7741440)
9021bc.914: Resource Dir: 0x760000 LB 0x448
9121bc.914: ProductName: Kaspersky Anti-Virus
9221bc.914: ProductVersion: 6.0.1.990
9321bc.914: FileVersion: 6.8.0.39
9421bc.914: FileDescription: Kaspersky Unified Driver
9521bc.914: \SystemRoot\System32\drivers\klflt.sys:
9621bc.914: CreationTime: 2014-11-06T16:36:29.399787700Z
9721bc.914: LastWriteTime: 2014-11-20T12:13:40.442479100Z
9821bc.914: ChangeTime: 2014-11-20T12:13:55.283327900Z
9921bc.914: FileAttributes: 0x20
10021bc.914: Size: 0x24c08
10121bc.914: NT Headers: 0xf8
10221bc.914: Timestamp: 0x5407189f
10321bc.914: Machine: 0x8664 - amd64
10421bc.914: Timestamp: 0x5407189f
10521bc.914: Image Version: 6.0
10621bc.914: SizeOfImage: 0x35000 (217088)
10721bc.914: Resource Dir: 0x33000 LB 0x370
10821bc.914: ProductName: Kaspersky™ Anti-Virus ®
10921bc.914: ProductVersion: 1.6.0.42
11021bc.914: FileVersion: 1.6.0.42
11121bc.914: FileDescription: Filter Core [fre_wlh_x64]
11221bc.914: \SystemRoot\System32\drivers\klif.sys:
11321bc.914: CreationTime: 2014-11-06T16:36:29.379787600Z
11421bc.914: LastWriteTime: 2014-11-20T12:13:40.674492300Z
11521bc.914: ChangeTime: 2014-11-20T12:13:55.177321800Z
11621bc.914: FileAttributes: 0x20
11721bc.914: Size: 0xc7ec8
11821bc.914: NT Headers: 0x120
11921bc.914: Timestamp: 0x545b69db
12021bc.914: Machine: 0x8664 - amd64
12121bc.914: Timestamp: 0x545b69db
12221bc.914: Image Version: 6.0
12321bc.914: SizeOfImage: 0xd1000 (856064)
12421bc.914: Resource Dir: 0xce000 LB 0x1240
12521bc.914: ProductName: Kaspersky™ Anti-Virus ®
12621bc.914: ProductVersion: 8.16.0.230
12721bc.914: FileVersion: 8.16.0.230
12821bc.914: FileDescription: Klif Mini-Filter [fre_wlh_x64]
12921bc.914: \SystemRoot\System32\drivers\klim6.sys:
13021bc.914: CreationTime: 2014-02-25T12:09:02.000000000Z
13121bc.914: LastWriteTime: 2014-02-25T12:09:02.000000000Z
13221bc.914: ChangeTime: 2014-11-20T12:13:54.558286400Z
13321bc.914: FileAttributes: 0x20
13421bc.914: Size: 0x7660
13521bc.914: NT Headers: 0x100
13621bc.914: Timestamp: 0x530c5da9
13721bc.914: Machine: 0x8664 - amd64
13821bc.914: Timestamp: 0x530c5da9
13921bc.914: Image Version: 6.0
14021bc.914: SizeOfImage: 0xa000 (40960)
14121bc.914: Resource Dir: 0x8000 LB 0x470
14221bc.914: ProductName: Kaspersky Anti-Virus
14321bc.914: ProductVersion: 6.0.1.990
14421bc.914: FileVersion: 8.0.0.83
14521bc.914: FileDescription: Kaspersky Lab Intermediate Network Driver
14621bc.914: \SystemRoot\System32\drivers\klkbdflt.sys:
14721bc.914: CreationTime: 2014-03-28T16:51:04.000000000Z
14821bc.914: LastWriteTime: 2014-03-28T16:51:04.000000000Z
14921bc.914: ChangeTime: 2014-11-20T12:13:55.449337400Z
15021bc.914: FileAttributes: 0x20
15121bc.914: Size: 0x7060
15221bc.914: NT Headers: 0xf8
15321bc.914: Timestamp: 0x53357e3c
15421bc.914: Machine: 0x8664 - amd64
15521bc.914: Timestamp: 0x53357e3c
15621bc.914: Image Version: 6.0
15721bc.914: SizeOfImage: 0xc000 (49152)
15821bc.914: Resource Dir: 0xa000 LB 0x3a8
15921bc.914: ProductName: Kaspersky™ Anti-Virus ®
16021bc.914: ProductVersion: 8.14.0.13
16121bc.914: FileVersion: 8.14.0.13
16221bc.914: FileDescription: KLKBDFLT Keyboard Device Filter [fre_wlh_x64]
16321bc.914: \SystemRoot\System32\drivers\klmouflt.sys:
16421bc.914: CreationTime: 2013-08-08T16:11:00.000000000Z
16521bc.914: LastWriteTime: 2013-08-08T16:11:00.000000000Z
16621bc.914: ChangeTime: 2014-11-20T12:13:55.367332700Z
16721bc.914: FileAttributes: 0x20
16821bc.914: Size: 0x7260
16921bc.914: NT Headers: 0xe8
17021bc.914: Timestamp: 0x520398aa
17121bc.914: Machine: 0x8664 - amd64
17221bc.914: Timestamp: 0x520398aa
17321bc.914: Image Version: 6.0
17421bc.914: SizeOfImage: 0xc000 (49152)
17521bc.914: Resource Dir: 0xa000 LB 0x3a8
17621bc.914: ProductName: Kaspersky™ Anti-Virus ®
17721bc.914: ProductVersion: 8.10.0.41
17821bc.914: FileVersion: 8.10.0.41
17921bc.914: FileDescription: KLMOUFLT Mouse Device Filter [fre_wlh_x64]
18021bc.914: \SystemRoot\System32\drivers\kltdi.sys:
18121bc.914: CreationTime: 2014-06-05T18:02:08.000000000Z
18221bc.914: LastWriteTime: 2014-06-05T18:02:08.000000000Z
18321bc.914: ChangeTime: 2014-11-20T12:13:54.920307100Z
18421bc.914: FileAttributes: 0x20
18521bc.914: Size: 0xda40
18621bc.914: NT Headers: 0x100
18721bc.914: Timestamp: 0x53908666
18821bc.914: Machine: 0x8664 - amd64
18921bc.914: Timestamp: 0x53908666
19021bc.914: Image Version: 6.1
19121bc.914: SizeOfImage: 0x10000 (65536)
19221bc.914: Resource Dir: 0xe000 LB 0x3b8
19321bc.914: ProductName: Kaspersky™ Anti-Virus ®
19421bc.914: ProductVersion: 1.7.0.6
19521bc.914: FileVersion: 1.7.0.6 built by: WinDDK
19621bc.914: FileDescription: Network filtering component [fre_wnet_amd64]
19721bc.914: \SystemRoot\System32\drivers\kneps.sys:
19821bc.914: CreationTime: 2014-07-09T15:23:54.000000000Z
19921bc.914: LastWriteTime: 2014-07-09T15:23:54.000000000Z
20021bc.914: ChangeTime: 2014-11-20T12:13:55.029313400Z
20121bc.914: FileAttributes: 0x20
20221bc.914: Size: 0x2be40
20321bc.914: NT Headers: 0x118
20421bc.914: Timestamp: 0x53bd341a
20521bc.914: Machine: 0x8664 - amd64
20621bc.914: Timestamp: 0x53bd341a
20721bc.914: Image Version: 6.1
20821bc.914: SizeOfImage: 0x2e000 (188416)
20921bc.914: Resource Dir: 0x2c000 LB 0x398
21021bc.914: ProductName: Kaspersky™ Anti-Virus ®
21121bc.914: ProductVersion: 5.7.0.10
21221bc.914: FileVersion: 5.7.0.10 built by: WinDDK
21321bc.914: FileDescription: KNEPS Power [fre_wnet_amd64]
21421bc.914: \SystemRoot\System32\klfphc.dll:
21521bc.914: CreationTime: 2014-11-06T16:36:39.669802000Z
21621bc.914: LastWriteTime: 2013-05-06T08:13:26.000000000Z
21721bc.914: ChangeTime: 2014-11-06T16:36:37.309798700Z
21821bc.914: FileAttributes: 0x20
21921bc.914: Size: 0x1ae60
22021bc.914: NT Headers: 0xe8
22121bc.914: Timestamp: 0x51873bf2
22221bc.914: Machine: 0x8664 - amd64
22321bc.914: Timestamp: 0x51873bf2
22421bc.914: Image Version: 0.0
22521bc.914: SizeOfImage: 0x1d000 (118784)
22621bc.914: Resource Dir: 0x18000 LB 0x3c80
22721bc.914: ProductName: Kaspersky™ Anti-Virus ®
22821bc.914: ProductVersion: 1.0.0.12
22921bc.914: FileVersion: 1.0.0.12
23021bc.914: FileDescription: Filtering Platform Helper Class
23121bc.914: Calling main()
23221bc.914: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
23321bc.914: SUPR3HardenedMain: Respawn #1
23421bc.914: System32: \Device\HarddiskVolume2\Windows\System32
23521bc.914: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
23621bc.914: KnownDllPath: C:\Windows\system32
23721bc.914: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
23821bc.914: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
23921bc.914: supR3HardNtEnableThreadCreation:
24021bc.914: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777bc340 pvNtTerminateThread=00000000777e17e0
24121bc.914: supR3HardenedWinDoReSpawn(1): New child 2124.1418 [kernel32].
24221bc.914: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
24321bc.914: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077790000 uNtDllChildAddr=0000000077790000
24421bc.914: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000777bc340
24521bc.914: supR3HardenedWinSetupChildInit: Start child.
24621bc.914: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
24721bc.914: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
24821bc.914: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
24921bc.914: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
25021bc.914: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
25121bc.914: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
25221bc.914: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
25321bc.914: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
25421bc.914: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
25521bc.914: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
25621bc.914: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
25721bc.914: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
25821bc.914: 0000000000150000-ffffffff88b0ffff 0x0001/0x0000 0x0000000
25921bc.914: *0000000077790000-000000007778efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26021bc.914: 0000000077791000-000000007768efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26121bc.914: 0000000077893000-0000000077863fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26221bc.914: 00000000778c2000-00000000778b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26321bc.914: 00000000778ca000-00000000778c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26421bc.914: 00000000778cb000-00000000778c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26521bc.914: 00000000778ce000-0000000077862fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26621bc.914: 0000000077939000-0000000070291fff 0x0001/0x0000 0x0000000
26721bc.914: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
26821bc.914: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
26921bc.914: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
27021bc.914: 000000007fff0000-ffffffffc0c8ffff 0x0001/0x0000 0x0000000
27121bc.914: *000000013f350000-000000013f34efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27221bc.914: 000000013f351000-000000013f2ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27321bc.914: 000000013f3d5000-000000013f3d3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27421bc.914: 000000013f3d6000-000000013f398fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27521bc.914: 000000013f413000-000000013f411fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27621bc.914: 000000013f414000-000000013f412fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27721bc.914: 000000013f415000-000000013f412fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27821bc.914: 000000013f417000-000000013f415fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27921bc.914: 000000013f418000-000000013f416fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28021bc.914: 000000013f419000-000000013f414fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28121bc.914: 000000013f41d000-000000013f3e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28221bc.914: 000000013f456000-fffff8037edfbfff 0x0001/0x0000 0x0000000
28321bc.914: *000007feffab0000-000007feffaaefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
28421bc.914: 000007feffab1000-000007fdff5b1fff 0x0001/0x0000 0x0000000
28521bc.914: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
28621bc.914: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
28721bc.914: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
28821bc.914: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
28921bc.914: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
29021bc.914: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
29121bc.914: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
29221bc.914: VirtualBox.exe: timestamp 0x548f692f (rc=VINF_SUCCESS)
29321bc.914: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
29421bc.914: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
29521bc.914: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
29621bc.914: supR3HardNtChildPurify: Done after 541 ms and 0 fixes (loop #0).
2972124.1418: Log file opened: 4.3.21r97294 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
2982124.1418: supR3HardenedVmProcessInit: uNtDllAddr=0000000077790000
2992124.1418: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
3002124.1418: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
30121bc.914: supR3HardNtEnableThreadCreation:
3022124.1418: System32: \Device\HarddiskVolume2\Windows\System32
3032124.1418: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3042124.1418: KnownDllPath: C:\Windows\system32
3052124.1418: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3062124.1418: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3072124.1418: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3082124.1418: Registered Dll notification callback with NTDLL.
3092124.1418: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3102124.1418: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3112124.1418: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3122124.1418: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3132124.1418: supR3HardenedDllNotificationCallback: load 0000000077670000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3142124.1418: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3152124.1418: supR3HardenedDllNotificationCallback: load 000007fefd590000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3162124.1418: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3172124.1418: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3182124.1418: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077670000 'C:\Windows\system32\kernel32.dll'
3192124.1418: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777bc340 pvNtTerminateThread=00000000777e17e0
32021bc.914: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 23 ms.
3212124.1418: \SystemRoot\System32\ntdll.dll:
3222124.1418: CreationTime: 2013-10-09T07:42:34.643518900Z
3232124.1418: LastWriteTime: 2013-08-29T02:16:35.515578900Z
3242124.1418: ChangeTime: 2013-10-10T06:30:51.753434900Z
3252124.1418: FileAttributes: 0x20
3262124.1418: Size: 0x1a6dc0
3272124.1418: NT Headers: 0xe0
3282124.1418: Timestamp: 0x521eaf24
3292124.1418: Machine: 0x8664 - amd64
3302124.1418: Timestamp: 0x521eaf24
3312124.1418: Image Version: 6.1
3322124.1418: SizeOfImage: 0x1a9000 (1740800)
3332124.1418: Resource Dir: 0x151000 LB 0x560d8
3342124.1418: ProductName: Microsoft® Windows® Operating System
3352124.1418: ProductVersion: 6.1.7601.18247
3362124.1418: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
3372124.1418: FileDescription: NT Layer DLL
3382124.1418: \SystemRoot\System32\kernel32.dll:
3392124.1418: CreationTime: 2014-04-09T08:43:27.564917800Z
3402124.1418: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3412124.1418: ChangeTime: 2014-04-10T06:52:57.019816500Z
3422124.1418: FileAttributes: 0x20
3432124.1418: Size: 0x11c000
3442124.1418: NT Headers: 0xe8
3452124.1418: Timestamp: 0x5315a059
3462124.1418: Machine: 0x8664 - amd64
3472124.1418: Timestamp: 0x5315a059
3482124.1418: Image Version: 6.1
3492124.1418: SizeOfImage: 0x11f000 (1175552)
3502124.1418: Resource Dir: 0x116000 LB 0x528
3512124.1418: ProductName: Microsoft® Windows® Operating System
3522124.1418: ProductVersion: 6.1.7601.18409
3532124.1418: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3542124.1418: FileDescription: Windows NT BASE API Client DLL
3552124.1418: \SystemRoot\System32\KernelBase.dll:
3562124.1418: CreationTime: 2014-05-14T11:13:24.591000400Z
3572124.1418: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3582124.1418: ChangeTime: 2014-05-15T06:47:40.507779500Z
3592124.1418: FileAttributes: 0x20
3602124.1418: Size: 0x67c00
3612124.1418: NT Headers: 0xe8
3622124.1418: Timestamp: 0x5315a05a
3632124.1418: Machine: 0x8664 - amd64
3642124.1418: Timestamp: 0x5315a05a
3652124.1418: Image Version: 6.1
3662124.1418: SizeOfImage: 0x6c000 (442368)
3672124.1418: Resource Dir: 0x6a000 LB 0x530
3682124.1418: ProductName: Microsoft® Windows® Operating System
3692124.1418: ProductVersion: 6.1.7601.18409
3702124.1418: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3712124.1418: FileDescription: Windows NT BASE API Client DLL
3722124.1418: \SystemRoot\System32\apisetschema.dll:
3732124.1418: CreationTime: 2013-09-11T06:31:43.576860200Z
3742124.1418: LastWriteTime: 2013-08-02T02:12:20.275000000Z
3752124.1418: ChangeTime: 2013-09-11T12:35:23.876114300Z
3762124.1418: FileAttributes: 0x20
3772124.1418: Size: 0x1a00
3782124.1418: NT Headers: 0xc0
3792124.1418: Timestamp: 0x51fb15ca
3802124.1418: Machine: 0x8664 - amd64
3812124.1418: Timestamp: 0x51fb15ca
3822124.1418: Image Version: 6.1
3832124.1418: SizeOfImage: 0x50000 (327680)
3842124.1418: Resource Dir: 0x30000 LB 0x3f8
3852124.1418: ProductName: Microsoft® Windows® Operating System
3862124.1418: ProductVersion: 6.1.7601.18229
3872124.1418: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
3882124.1418: FileDescription: ApiSet Schema DLL
3892124.1418: Found driver klkbdflt (0x40)
3902124.1418: Found driver KLIM6 (0x40)
3912124.1418: Found driver klmouflt (0x40)
3922124.1418: Found driver kl1 (0x40)
3932124.1418: Found driver klflt (0x40)
3942124.1418: Found driver kneps (0x40)
3952124.1418: Found driver kltdi (0x40)
3962124.1418: supR3HardenedWinFindAdversaries: 0x40
3972124.1418: \SystemRoot\System32\drivers\kl1.sys:
3982124.1418: CreationTime: 2014-03-31T10:47:10.000000000Z
3992124.1418: LastWriteTime: 2014-03-31T10:47:10.000000000Z
4002124.1418: ChangeTime: 2014-11-06T16:36:41.059804000Z
4012124.1418: FileAttributes: 0x20
4022124.1418: Size: 0x72660
4032124.1418: NT Headers: 0xe8
4042124.1418: Timestamp: 0x53391d63
4052124.1418: Machine: 0x8664 - amd64
4062124.1418: Timestamp: 0x53391d63
4072124.1418: Image Version: 0.0
4082124.1418: SizeOfImage: 0x762000 (7741440)
4092124.1418: Resource Dir: 0x760000 LB 0x448
4102124.1418: ProductName: Kaspersky Anti-Virus
4112124.1418: ProductVersion: 6.0.1.990
4122124.1418: FileVersion: 6.8.0.39
4132124.1418: FileDescription: Kaspersky Unified Driver
4142124.1418: \SystemRoot\System32\drivers\klflt.sys:
4152124.1418: CreationTime: 2014-11-06T16:36:29.399787700Z
4162124.1418: LastWriteTime: 2014-11-20T12:13:40.442479100Z
4172124.1418: ChangeTime: 2014-11-20T12:13:55.283327900Z
4182124.1418: FileAttributes: 0x20
4192124.1418: Size: 0x24c08
4202124.1418: NT Headers: 0xf8
4212124.1418: Timestamp: 0x5407189f
4222124.1418: Machine: 0x8664 - amd64
4232124.1418: Timestamp: 0x5407189f
4242124.1418: Image Version: 6.0
4252124.1418: SizeOfImage: 0x35000 (217088)
4262124.1418: Resource Dir: 0x33000 LB 0x370
4272124.1418: ProductName: Kaspersky™ Anti-Virus ®
4282124.1418: ProductVersion: 1.6.0.42
4292124.1418: FileVersion: 1.6.0.42
4302124.1418: FileDescription: Filter Core [fre_wlh_x64]
4312124.1418: \SystemRoot\System32\drivers\klif.sys:
4322124.1418: CreationTime: 2014-11-06T16:36:29.379787600Z
4332124.1418: LastWriteTime: 2014-11-20T12:13:40.674492300Z
4342124.1418: ChangeTime: 2014-11-20T12:13:55.177321800Z
4352124.1418: FileAttributes: 0x20
4362124.1418: Size: 0xc7ec8
4372124.1418: NT Headers: 0x120
4382124.1418: Timestamp: 0x545b69db
4392124.1418: Machine: 0x8664 - amd64
4402124.1418: Timestamp: 0x545b69db
4412124.1418: Image Version: 6.0
4422124.1418: SizeOfImage: 0xd1000 (856064)
4432124.1418: Resource Dir: 0xce000 LB 0x1240
4442124.1418: ProductName: Kaspersky™ Anti-Virus ®
4452124.1418: ProductVersion: 8.16.0.230
4462124.1418: FileVersion: 8.16.0.230
4472124.1418: FileDescription: Klif Mini-Filter [fre_wlh_x64]
4482124.1418: \SystemRoot\System32\drivers\klim6.sys:
4492124.1418: CreationTime: 2014-02-25T12:09:02.000000000Z
4502124.1418: LastWriteTime: 2014-02-25T12:09:02.000000000Z
4512124.1418: ChangeTime: 2014-11-20T12:13:54.558286400Z
4522124.1418: FileAttributes: 0x20
4532124.1418: Size: 0x7660
4542124.1418: NT Headers: 0x100
4552124.1418: Timestamp: 0x530c5da9
4562124.1418: Machine: 0x8664 - amd64
4572124.1418: Timestamp: 0x530c5da9
4582124.1418: Image Version: 6.0
4592124.1418: SizeOfImage: 0xa000 (40960)
4602124.1418: Resource Dir: 0x8000 LB 0x470
4612124.1418: ProductName: Kaspersky Anti-Virus
4622124.1418: ProductVersion: 6.0.1.990
4632124.1418: FileVersion: 8.0.0.83
4642124.1418: FileDescription: Kaspersky Lab Intermediate Network Driver
4652124.1418: \SystemRoot\System32\drivers\klkbdflt.sys:
4662124.1418: CreationTime: 2014-03-28T16:51:04.000000000Z
4672124.1418: LastWriteTime: 2014-03-28T16:51:04.000000000Z
4682124.1418: ChangeTime: 2014-11-20T12:13:55.449337400Z
4692124.1418: FileAttributes: 0x20
4702124.1418: Size: 0x7060
4712124.1418: NT Headers: 0xf8
4722124.1418: Timestamp: 0x53357e3c
4732124.1418: Machine: 0x8664 - amd64
4742124.1418: Timestamp: 0x53357e3c
4752124.1418: Image Version: 6.0
4762124.1418: SizeOfImage: 0xc000 (49152)
4772124.1418: Resource Dir: 0xa000 LB 0x3a8
4782124.1418: ProductName: Kaspersky™ Anti-Virus ®
4792124.1418: ProductVersion: 8.14.0.13
4802124.1418: FileVersion: 8.14.0.13
4812124.1418: FileDescription: KLKBDFLT Keyboard Device Filter [fre_wlh_x64]
4822124.1418: \SystemRoot\System32\drivers\klmouflt.sys:
4832124.1418: CreationTime: 2013-08-08T16:11:00.000000000Z
4842124.1418: LastWriteTime: 2013-08-08T16:11:00.000000000Z
4852124.1418: ChangeTime: 2014-11-20T12:13:55.367332700Z
4862124.1418: FileAttributes: 0x20
4872124.1418: Size: 0x7260
4882124.1418: NT Headers: 0xe8
4892124.1418: Timestamp: 0x520398aa
4902124.1418: Machine: 0x8664 - amd64
4912124.1418: Timestamp: 0x520398aa
4922124.1418: Image Version: 6.0
4932124.1418: SizeOfImage: 0xc000 (49152)
4942124.1418: Resource Dir: 0xa000 LB 0x3a8
4952124.1418: ProductName: Kaspersky™ Anti-Virus ®
4962124.1418: ProductVersion: 8.10.0.41
4972124.1418: FileVersion: 8.10.0.41
4982124.1418: FileDescription: KLMOUFLT Mouse Device Filter [fre_wlh_x64]
4992124.1418: \SystemRoot\System32\drivers\kltdi.sys:
5002124.1418: CreationTime: 2014-06-05T18:02:08.000000000Z
5012124.1418: LastWriteTime: 2014-06-05T18:02:08.000000000Z
5022124.1418: ChangeTime: 2014-11-20T12:13:54.920307100Z
5032124.1418: FileAttributes: 0x20
5042124.1418: Size: 0xda40
5052124.1418: NT Headers: 0x100
5062124.1418: Timestamp: 0x53908666
5072124.1418: Machine: 0x8664 - amd64
5082124.1418: Timestamp: 0x53908666
5092124.1418: Image Version: 6.1
5102124.1418: SizeOfImage: 0x10000 (65536)
5112124.1418: Resource Dir: 0xe000 LB 0x3b8
5122124.1418: ProductName: Kaspersky™ Anti-Virus ®
5132124.1418: ProductVersion: 1.7.0.6
5142124.1418: FileVersion: 1.7.0.6 built by: WinDDK
5152124.1418: FileDescription: Network filtering component [fre_wnet_amd64]
5162124.1418: \SystemRoot\System32\drivers\kneps.sys:
5172124.1418: CreationTime: 2014-07-09T15:23:54.000000000Z
5182124.1418: LastWriteTime: 2014-07-09T15:23:54.000000000Z
5192124.1418: ChangeTime: 2014-11-20T12:13:55.029313400Z
5202124.1418: FileAttributes: 0x20
5212124.1418: Size: 0x2be40
5222124.1418: NT Headers: 0x118
5232124.1418: Timestamp: 0x53bd341a
5242124.1418: Machine: 0x8664 - amd64
5252124.1418: Timestamp: 0x53bd341a
5262124.1418: Image Version: 6.1
5272124.1418: SizeOfImage: 0x2e000 (188416)
5282124.1418: Resource Dir: 0x2c000 LB 0x398
5292124.1418: ProductName: Kaspersky™ Anti-Virus ®
5302124.1418: ProductVersion: 5.7.0.10
5312124.1418: FileVersion: 5.7.0.10 built by: WinDDK
5322124.1418: FileDescription: KNEPS Power [fre_wnet_amd64]
5332124.1418: \SystemRoot\System32\klfphc.dll:
5342124.1418: CreationTime: 2014-11-06T16:36:39.669802000Z
5352124.1418: LastWriteTime: 2013-05-06T08:13:26.000000000Z
5362124.1418: ChangeTime: 2014-11-06T16:36:37.309798700Z
5372124.1418: FileAttributes: 0x20
5382124.1418: Size: 0x1ae60
5392124.1418: NT Headers: 0xe8
5402124.1418: Timestamp: 0x51873bf2
5412124.1418: Machine: 0x8664 - amd64
5422124.1418: Timestamp: 0x51873bf2
5432124.1418: Image Version: 0.0
5442124.1418: SizeOfImage: 0x1d000 (118784)
5452124.1418: Resource Dir: 0x18000 LB 0x3c80
5462124.1418: ProductName: Kaspersky™ Anti-Virus ®
5472124.1418: ProductVersion: 1.0.0.12
5482124.1418: FileVersion: 1.0.0.12
5492124.1418: FileDescription: Filtering Platform Helper Class
5502124.1418: Calling main()
5512124.1418: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5522124.1418: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5532124.1418: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5542124.1418: SUPR3HardenedMain: Respawn #2
5552124.1418: supR3HardNtEnableThreadCreation:
5562124.1418: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
5572124.1418: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
5582124.1418: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5592124.1418: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5602124.1418: supR3HardenedDllNotificationCallback: load 000007fefd350000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
5612124.1418: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5622124.1418: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\Windows\system32\apphelp.dll'
5632124.1418: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777bc340 pvNtTerminateThread=00000000777e17e0
5642124.1418: supR3HardenedWinDoReSpawn(2): New child 1748.1d24 [kernel32].
5652124.1418: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
5662124.1418: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077790000 uNtDllChildAddr=0000000077790000
5672124.1418: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000777bc340
5682124.1418: supR3HardenedWinSetupChildInit: Start child.
5692124.1418: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5702124.1418: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
5712124.1418: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5722124.1418: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
5732124.1418: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
5742124.1418: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
5752124.1418: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
5762124.1418: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
5772124.1418: 0000000000041000-fffffffffff51fff 0x0001/0x0000 0x0000000
5782124.1418: *0000000000130000-0000000000033fff 0x0000/0x0004 0x0020000
5792124.1418: 000000000022c000-0000000000228fff 0x0104/0x0004 0x0020000
5802124.1418: 000000000022f000-000000000022dfff 0x0004/0x0004 0x0020000
5812124.1418: 0000000000230000-ffffffff88ccffff 0x0001/0x0000 0x0000000
5822124.1418: *0000000077790000-000000007778efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5832124.1418: 0000000077791000-000000007768efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5842124.1418: 0000000077893000-0000000077863fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5852124.1418: 00000000778c2000-00000000778b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5862124.1418: 00000000778ca000-00000000778c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5872124.1418: 00000000778cb000-00000000778c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5882124.1418: 00000000778ce000-0000000077862fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5892124.1418: 0000000077939000-0000000070291fff 0x0001/0x0000 0x0000000
5902124.1418: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
5912124.1418: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5922124.1418: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5932124.1418: 000000007fff0000-ffffffffc0c8ffff 0x0001/0x0000 0x0000000
5942124.1418: *000000013f350000-000000013f34efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5952124.1418: 000000013f351000-000000013f2ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5962124.1418: 000000013f3d5000-000000013f3d3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5972124.1418: 000000013f3d6000-000000013f398fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5982124.1418: 000000013f413000-000000013f411fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5992124.1418: 000000013f414000-000000013f412fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6002124.1418: 000000013f415000-000000013f412fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6012124.1418: 000000013f417000-000000013f415fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6022124.1418: 000000013f418000-000000013f416fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6032124.1418: 000000013f419000-000000013f414fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6042124.1418: 000000013f41d000-000000013f3e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6052124.1418: 000000013f456000-fffff8037edfbfff 0x0001/0x0000 0x0000000
6062124.1418: *000007feffab0000-000007feffaaefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
6072124.1418: 000007feffab1000-000007fdff5b1fff 0x0001/0x0000 0x0000000
6082124.1418: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
6092124.1418: 000007fffffd3000-000007fffffcdfff 0x0001/0x0000 0x0000000
6102124.1418: *000007fffffd8000-000007fffffd6fff 0x0004/0x0004 0x0020000
6112124.1418: 000007fffffd9000-000007fffffd3fff 0x0001/0x0000 0x0000000
6122124.1418: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
6132124.1418: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
6142124.1418: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
6152124.1418: VirtualBox.exe: timestamp 0x548f692f (rc=VINF_SUCCESS)
6162124.1418: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6172124.1418: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
6182124.1418: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
6192124.1418: supR3HardNtChildPurify: Done after 540 ms and 0 fixes (loop #0).
6201748.1d24: Log file opened: 4.3.21r97294 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
6211748.1d24: supR3HardenedVmProcessInit: uNtDllAddr=0000000077790000
6221748.1d24: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
6231748.1d24: New simple heap: #1 0000000000330000 LB 0x400000 (for 1740800 allocation)
6242124.1418: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
6252124.1418: supR3HardNtEnableThreadCreation:
6261748.1d24: System32: \Device\HarddiskVolume2\Windows\System32
6271748.1d24: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
6281748.1d24: KnownDllPath: C:\Windows\system32
6291748.1d24: supR3HardenedVmProcessInit: Opening vboxdrv...
6301748.1d24: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6311748.1d24: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6321748.1d24: Registered Dll notification callback with NTDLL.
6331748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
6341748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
6351748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6361748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6371748.1d24: supR3HardenedDllNotificationCallback: load 0000000077670000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
6381748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6391748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd590000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
6401748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
6411748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
6421748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077670000 'C:\Windows\system32\kernel32.dll'
6431748.1d24: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777bc340 pvNtTerminateThread=00000000777e17e0
6442124.1418: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 29 ms.
6451748.1d24: \SystemRoot\System32\ntdll.dll:
6461748.1d24: CreationTime: 2013-10-09T07:42:34.643518900Z
6471748.1d24: LastWriteTime: 2013-08-29T02:16:35.515578900Z
6481748.1d24: ChangeTime: 2013-10-10T06:30:51.753434900Z
6491748.1d24: FileAttributes: 0x20
6501748.1d24: Size: 0x1a6dc0
6511748.1d24: NT Headers: 0xe0
6521748.1d24: Timestamp: 0x521eaf24
6531748.1d24: Machine: 0x8664 - amd64
6541748.1d24: Timestamp: 0x521eaf24
6551748.1d24: Image Version: 6.1
6561748.1d24: SizeOfImage: 0x1a9000 (1740800)
6571748.1d24: Resource Dir: 0x151000 LB 0x560d8
6581748.1d24: ProductName: Microsoft® Windows® Operating System
6591748.1d24: ProductVersion: 6.1.7601.18247
6601748.1d24: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
6611748.1d24: FileDescription: NT Layer DLL
6621748.1d24: \SystemRoot\System32\kernel32.dll:
6631748.1d24: CreationTime: 2014-04-09T08:43:27.564917800Z
6641748.1d24: LastWriteTime: 2014-03-04T09:44:00.336000000Z
6651748.1d24: ChangeTime: 2014-04-10T06:52:57.019816500Z
6661748.1d24: FileAttributes: 0x20
6671748.1d24: Size: 0x11c000
6681748.1d24: NT Headers: 0xe8
6691748.1d24: Timestamp: 0x5315a059
6701748.1d24: Machine: 0x8664 - amd64
6711748.1d24: Timestamp: 0x5315a059
6721748.1d24: Image Version: 6.1
6731748.1d24: SizeOfImage: 0x11f000 (1175552)
6741748.1d24: Resource Dir: 0x116000 LB 0x528
6751748.1d24: ProductName: Microsoft® Windows® Operating System
6761748.1d24: ProductVersion: 6.1.7601.18409
6771748.1d24: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
6781748.1d24: FileDescription: Windows NT BASE API Client DLL
6791748.1d24: \SystemRoot\System32\KernelBase.dll:
6801748.1d24: CreationTime: 2014-05-14T11:13:24.591000400Z
6811748.1d24: LastWriteTime: 2014-03-04T09:44:00.336000000Z
6821748.1d24: ChangeTime: 2014-05-15T06:47:40.507779500Z
6831748.1d24: FileAttributes: 0x20
6841748.1d24: Size: 0x67c00
6851748.1d24: NT Headers: 0xe8
6861748.1d24: Timestamp: 0x5315a05a
6871748.1d24: Machine: 0x8664 - amd64
6881748.1d24: Timestamp: 0x5315a05a
6891748.1d24: Image Version: 6.1
6901748.1d24: SizeOfImage: 0x6c000 (442368)
6911748.1d24: Resource Dir: 0x6a000 LB 0x530
6921748.1d24: ProductName: Microsoft® Windows® Operating System
6931748.1d24: ProductVersion: 6.1.7601.18409
6941748.1d24: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
6951748.1d24: FileDescription: Windows NT BASE API Client DLL
6961748.1d24: \SystemRoot\System32\apisetschema.dll:
6971748.1d24: CreationTime: 2013-09-11T06:31:43.576860200Z
6981748.1d24: LastWriteTime: 2013-08-02T02:12:20.275000000Z
6991748.1d24: ChangeTime: 2013-09-11T12:35:23.876114300Z
7001748.1d24: FileAttributes: 0x20
7011748.1d24: Size: 0x1a00
7021748.1d24: NT Headers: 0xc0
7031748.1d24: Timestamp: 0x51fb15ca
7041748.1d24: Machine: 0x8664 - amd64
7051748.1d24: Timestamp: 0x51fb15ca
7061748.1d24: Image Version: 6.1
7071748.1d24: SizeOfImage: 0x50000 (327680)
7081748.1d24: Resource Dir: 0x30000 LB 0x3f8
7091748.1d24: ProductName: Microsoft® Windows® Operating System
7101748.1d24: ProductVersion: 6.1.7601.18229
7111748.1d24: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
7121748.1d24: FileDescription: ApiSet Schema DLL
7131748.1d24: Found driver klkbdflt (0x40)
7141748.1d24: Found driver KLIM6 (0x40)
7151748.1d24: Found driver klmouflt (0x40)
7161748.1d24: Found driver kl1 (0x40)
7171748.1d24: Found driver klflt (0x40)
7181748.1d24: Found driver kneps (0x40)
7191748.1d24: Found driver kltdi (0x40)
7201748.1d24: supR3HardenedWinFindAdversaries: 0x40
7211748.1d24: \SystemRoot\System32\drivers\kl1.sys:
7221748.1d24: CreationTime: 2014-03-31T10:47:10.000000000Z
7231748.1d24: LastWriteTime: 2014-03-31T10:47:10.000000000Z
7241748.1d24: ChangeTime: 2014-11-06T16:36:41.059804000Z
7251748.1d24: FileAttributes: 0x20
7261748.1d24: Size: 0x72660
7271748.1d24: NT Headers: 0xe8
7281748.1d24: Timestamp: 0x53391d63
7291748.1d24: Machine: 0x8664 - amd64
7301748.1d24: Timestamp: 0x53391d63
7311748.1d24: Image Version: 0.0
7321748.1d24: SizeOfImage: 0x762000 (7741440)
7331748.1d24: Resource Dir: 0x760000 LB 0x448
7341748.1d24: ProductName: Kaspersky Anti-Virus
7351748.1d24: ProductVersion: 6.0.1.990
7361748.1d24: FileVersion: 6.8.0.39
7371748.1d24: FileDescription: Kaspersky Unified Driver
7381748.1d24: \SystemRoot\System32\drivers\klflt.sys:
7391748.1d24: CreationTime: 2014-11-06T16:36:29.399787700Z
7401748.1d24: LastWriteTime: 2014-11-20T12:13:40.442479100Z
7411748.1d24: ChangeTime: 2014-11-20T12:13:55.283327900Z
7421748.1d24: FileAttributes: 0x20
7431748.1d24: Size: 0x24c08
7441748.1d24: NT Headers: 0xf8
7451748.1d24: Timestamp: 0x5407189f
7461748.1d24: Machine: 0x8664 - amd64
7471748.1d24: Timestamp: 0x5407189f
7481748.1d24: Image Version: 6.0
7491748.1d24: SizeOfImage: 0x35000 (217088)
7501748.1d24: Resource Dir: 0x33000 LB 0x370
7511748.1d24: ProductName: Kaspersky™ Anti-Virus ®
7521748.1d24: ProductVersion: 1.6.0.42
7531748.1d24: FileVersion: 1.6.0.42
7541748.1d24: FileDescription: Filter Core [fre_wlh_x64]
7551748.1d24: \SystemRoot\System32\drivers\klif.sys:
7561748.1d24: CreationTime: 2014-11-06T16:36:29.379787600Z
7571748.1d24: LastWriteTime: 2014-11-20T12:13:40.674492300Z
7581748.1d24: ChangeTime: 2014-11-20T12:13:55.177321800Z
7591748.1d24: FileAttributes: 0x20
7601748.1d24: Size: 0xc7ec8
7611748.1d24: NT Headers: 0x120
7621748.1d24: Timestamp: 0x545b69db
7631748.1d24: Machine: 0x8664 - amd64
7641748.1d24: Timestamp: 0x545b69db
7651748.1d24: Image Version: 6.0
7661748.1d24: SizeOfImage: 0xd1000 (856064)
7671748.1d24: Resource Dir: 0xce000 LB 0x1240
7681748.1d24: ProductName: Kaspersky™ Anti-Virus ®
7691748.1d24: ProductVersion: 8.16.0.230
7701748.1d24: FileVersion: 8.16.0.230
7711748.1d24: FileDescription: Klif Mini-Filter [fre_wlh_x64]
7721748.1d24: \SystemRoot\System32\drivers\klim6.sys:
7731748.1d24: CreationTime: 2014-02-25T12:09:02.000000000Z
7741748.1d24: LastWriteTime: 2014-02-25T12:09:02.000000000Z
7751748.1d24: ChangeTime: 2014-11-20T12:13:54.558286400Z
7761748.1d24: FileAttributes: 0x20
7771748.1d24: Size: 0x7660
7781748.1d24: NT Headers: 0x100
7791748.1d24: Timestamp: 0x530c5da9
7801748.1d24: Machine: 0x8664 - amd64
7811748.1d24: Timestamp: 0x530c5da9
7821748.1d24: Image Version: 6.0
7831748.1d24: SizeOfImage: 0xa000 (40960)
7841748.1d24: Resource Dir: 0x8000 LB 0x470
7851748.1d24: ProductName: Kaspersky Anti-Virus
7861748.1d24: ProductVersion: 6.0.1.990
7871748.1d24: FileVersion: 8.0.0.83
7881748.1d24: FileDescription: Kaspersky Lab Intermediate Network Driver
7891748.1d24: \SystemRoot\System32\drivers\klkbdflt.sys:
7901748.1d24: CreationTime: 2014-03-28T16:51:04.000000000Z
7911748.1d24: LastWriteTime: 2014-03-28T16:51:04.000000000Z
7921748.1d24: ChangeTime: 2014-11-20T12:13:55.449337400Z
7931748.1d24: FileAttributes: 0x20
7941748.1d24: Size: 0x7060
7951748.1d24: NT Headers: 0xf8
7961748.1d24: Timestamp: 0x53357e3c
7971748.1d24: Machine: 0x8664 - amd64
7981748.1d24: Timestamp: 0x53357e3c
7991748.1d24: Image Version: 6.0
8001748.1d24: SizeOfImage: 0xc000 (49152)
8011748.1d24: Resource Dir: 0xa000 LB 0x3a8
8021748.1d24: ProductName: Kaspersky™ Anti-Virus ®
8031748.1d24: ProductVersion: 8.14.0.13
8041748.1d24: FileVersion: 8.14.0.13
8051748.1d24: FileDescription: KLKBDFLT Keyboard Device Filter [fre_wlh_x64]
8061748.1d24: \SystemRoot\System32\drivers\klmouflt.sys:
8071748.1d24: CreationTime: 2013-08-08T16:11:00.000000000Z
8081748.1d24: LastWriteTime: 2013-08-08T16:11:00.000000000Z
8091748.1d24: ChangeTime: 2014-11-20T12:13:55.367332700Z
8101748.1d24: FileAttributes: 0x20
8111748.1d24: Size: 0x7260
8121748.1d24: NT Headers: 0xe8
8131748.1d24: Timestamp: 0x520398aa
8141748.1d24: Machine: 0x8664 - amd64
8151748.1d24: Timestamp: 0x520398aa
8161748.1d24: Image Version: 6.0
8171748.1d24: SizeOfImage: 0xc000 (49152)
8181748.1d24: Resource Dir: 0xa000 LB 0x3a8
8191748.1d24: ProductName: Kaspersky™ Anti-Virus ®
8201748.1d24: ProductVersion: 8.10.0.41
8211748.1d24: FileVersion: 8.10.0.41
8221748.1d24: FileDescription: KLMOUFLT Mouse Device Filter [fre_wlh_x64]
8231748.1d24: \SystemRoot\System32\drivers\kltdi.sys:
8241748.1d24: CreationTime: 2014-06-05T18:02:08.000000000Z
8251748.1d24: LastWriteTime: 2014-06-05T18:02:08.000000000Z
8261748.1d24: ChangeTime: 2014-11-20T12:13:54.920307100Z
8271748.1d24: FileAttributes: 0x20
8281748.1d24: Size: 0xda40
8291748.1d24: NT Headers: 0x100
8301748.1d24: Timestamp: 0x53908666
8311748.1d24: Machine: 0x8664 - amd64
8321748.1d24: Timestamp: 0x53908666
8331748.1d24: Image Version: 6.1
8341748.1d24: SizeOfImage: 0x10000 (65536)
8351748.1d24: Resource Dir: 0xe000 LB 0x3b8
8361748.1d24: ProductName: Kaspersky™ Anti-Virus ®
8371748.1d24: ProductVersion: 1.7.0.6
8381748.1d24: FileVersion: 1.7.0.6 built by: WinDDK
8391748.1d24: FileDescription: Network filtering component [fre_wnet_amd64]
8401748.1d24: \SystemRoot\System32\drivers\kneps.sys:
8411748.1d24: CreationTime: 2014-07-09T15:23:54.000000000Z
8421748.1d24: LastWriteTime: 2014-07-09T15:23:54.000000000Z
8431748.1d24: ChangeTime: 2014-11-20T12:13:55.029313400Z
8441748.1d24: FileAttributes: 0x20
8451748.1d24: Size: 0x2be40
8461748.1d24: NT Headers: 0x118
8471748.1d24: Timestamp: 0x53bd341a
8481748.1d24: Machine: 0x8664 - amd64
8491748.1d24: Timestamp: 0x53bd341a
8501748.1d24: Image Version: 6.1
8511748.1d24: SizeOfImage: 0x2e000 (188416)
8521748.1d24: Resource Dir: 0x2c000 LB 0x398
8531748.1d24: ProductName: Kaspersky™ Anti-Virus ®
8541748.1d24: ProductVersion: 5.7.0.10
8551748.1d24: FileVersion: 5.7.0.10 built by: WinDDK
8561748.1d24: FileDescription: KNEPS Power [fre_wnet_amd64]
8571748.1d24: \SystemRoot\System32\klfphc.dll:
8581748.1d24: CreationTime: 2014-11-06T16:36:39.669802000Z
8591748.1d24: LastWriteTime: 2013-05-06T08:13:26.000000000Z
8601748.1d24: ChangeTime: 2014-11-06T16:36:37.309798700Z
8611748.1d24: FileAttributes: 0x20
8621748.1d24: Size: 0x1ae60
8631748.1d24: NT Headers: 0xe8
8641748.1d24: Timestamp: 0x51873bf2
8651748.1d24: Machine: 0x8664 - amd64
8661748.1d24: Timestamp: 0x51873bf2
8671748.1d24: Image Version: 0.0
8681748.1d24: SizeOfImage: 0x1d000 (118784)
8691748.1d24: Resource Dir: 0x18000 LB 0x3c80
8701748.1d24: ProductName: Kaspersky™ Anti-Virus ®
8711748.1d24: ProductVersion: 1.0.0.12
8721748.1d24: FileVersion: 1.0.0.12
8731748.1d24: FileDescription: Filtering Platform Helper Class
8741748.1d24: Calling main()
8751748.1d24: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8761748.1d24: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8771748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8781748.1d24: SUPR3HardenedMain: Final process, opening VBoxDrv...
8791748.1d24: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000330000 LB 0x400000)
8801748.1d24: supR3HardNtEnableThreadCreation:
8811748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
8821748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
8831748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895300:C:\Windows\system32 [calling]
8841748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8851748.1d24: supR3HardenedDllNotificationCallback: load 000007fee3b80000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8861748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8871748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8881748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
8891748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3b80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8901748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8911748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
8921748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3b80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8931748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3b80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8941748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8951748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
8961748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
8971748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
8981748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
8991748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
9001748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9011748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9021748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
9031748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9041748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9051748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9061748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
9071748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
9081748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9091748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9101748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9111748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
9121748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
9131748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9141748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9151748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9161748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
9171748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9181748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9191748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9201748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9211748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9221748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9231748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9241748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895300:C:\Windows\system32 [calling]
9251748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9261748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd780000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
9271748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9281748.1d24: supR3HardenedDllNotificationCallback: load 000007feff680000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
9291748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9301748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd600000 LB 0x0016c000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
9311748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9321748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
9331748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9341748.1d24: supR3HardenedDllNotificationCallback: load 000007feff970000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
9351748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9361748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\Wintrust.dll'
9371748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
9381748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
9391748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
9401748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9411748.1d24: supR3HardenedDllNotificationCallback: load 000007fefcf40000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
9421748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9431748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPTSP.dll'
9441748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9451748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
9461748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9471748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9481748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9491748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9501748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
9511748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9521748.1d24: supR3HardenedDllNotificationCallback: load 000007fefca20000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
9531748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9541748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca20000 'C:\Windows\system32\rsaenh.dll'
9551748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9561748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
9571748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
9581748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
9591748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9601748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9611748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9621748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9631748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9641748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9651748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
9661748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9671748.1d24: supR3HardenedDllNotificationCallback: load 000007feff2c0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
9681748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9691748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9701748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
9711748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
9721748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
9731748.1d24: supR3HardenedDllNotificationCallback: load 000007feff4b0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
9741748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9751748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\ADVAPI32.dll'
9761748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
9771748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
9781748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9791748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9801748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9811748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9821748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9831748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9841748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
9851748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9861748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd3b0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
9871748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9881748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'C:\Windows\system32\CRYPTBASE.dll'
9891748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9901748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
9911748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077670000 'C:\Windows\system32\kernel32.dll'
9921748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9931748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
9941748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\WINTRUST.DLL'
9951748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9961748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
9971748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd600000 'C:\Windows\system32\CRYPT32.dll'
9981748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9991748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
10001748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
10011748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
10021748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10031748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10041748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10051748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10061748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10071748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10081748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
10091748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
10101748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
10111748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
10121748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\imagehlp.dll'
10131748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
10141748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
10151748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPTSP.dll'
10161748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
10171748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
10181748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
10191748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10201748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10211748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10221748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
10231748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
10241748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
10251748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
10261748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
10271748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
10281748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
10291748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
10301748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
10311748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
10321748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10331748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10341748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10351748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
10361748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
10371748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10381748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
10391748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
10401748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
10411748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
10421748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10431748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10441748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10451748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10461748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10471748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10481748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10491748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10501748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10511748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10531748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10541748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10551748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10561748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10571748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
10581748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10591748.1d24: supR3HardenedDllNotificationCallback: load 0000000077570000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
10601748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10611748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd910000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
10621748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10631748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
10641748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
10651748.1d24: supR3HardenedDllNotificationCallback: load 000007feff5b0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
10661748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
10671748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10681748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
10691748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\Windows\system32\gdi32.dll'
10701748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
10711748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
10721748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
10731748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
10741748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
10751748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
10761748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
10771748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10781748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
10791748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
10801748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
10811748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
10821748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
10831748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10841748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10851748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10861748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10871748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10881748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10891748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
10901748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
10911748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
10921748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10931748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10941748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10951748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10961748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10971748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10981748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10991748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11001748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11011748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
11021748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
11031748.1d24: supR3HardenedDllNotificationCallback: load 000007feff3a0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
11041748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
11051748.1d24: supR3HardenedDllNotificationCallback: load 000007feff860000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
11061748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
11071748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'C:\Windows\system32\IMM32.DLL'
11081748.1d24: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: Owner is administrators group.
11091748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
11101748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11111748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll)
11121748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
11131748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11141748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11151748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11161748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11171748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11181748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11191748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000895fa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.; [calling]
11201748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
11211748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x00032000 C:\Windows\system32\nvinitx.dll [fFlags=0x0]
11221748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
11231748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\nvinitx.dll'
11241748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\USER32.dll'
11251748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
11261748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11271748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
11281748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
11291748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
11301748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
11311748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
11321748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11331748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11341748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11351748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11361748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11371748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11381748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
11391748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
11401748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
11411748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
11421748.1d24: supR3HardenedDllNotificationCallback: load 000007fefceb0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
11431748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
11441748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11451748.1d24: supR3HardenedDllNotificationCallback: load 000007fefce80000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
11461748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11471748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefceb0000 'C:\Windows\system32\ncrypt.dll'
11481748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11491748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
11501748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
11511748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
11521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11531748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11541748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11551748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11561748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11571748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11581748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
11591748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11601748.1d24: supR3HardenedDllNotificationCallback: load 000007fefc980000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
11611748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11621748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc980000 'C:\Windows\system32\bcryptprimitives.dll'
11631748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11641748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
11651748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce80000 'C:\Windows\system32\bcrypt.dll'
11661748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11671748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11681748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
11691748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
11701748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
11711748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
11721748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
11731748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11741748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
11751748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
11761748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11771748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11781748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11791748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11801748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11811748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11821748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11831748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11841748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11851748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
11861748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
11871748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd8b0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
11881748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
11891748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd550000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
11901748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
11911748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8b0000 'C:\Windows\system32\USERENV.dll'
11921748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
11931748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11941748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
11951748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11961748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11971748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
11981748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
11991748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
12001748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12011748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12021748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12031748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12041748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12051748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12061748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12071748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
12081748.1d24: supR3HardenedDllNotificationCallback: load 000007fefc7c0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
12091748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
12101748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7c0000 'C:\Windows\system32\GPAPI.dll'
12111748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12121748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
12131748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12141748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12151748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff970000 'C:\Windows\system32\rpcrt4.dll'
12161748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12171748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
12181748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12191748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12201748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12211748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
12221748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
12231748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
12241748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
12251748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
12261748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
12271748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
12281748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12291748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
12301748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
12311748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12321748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12331748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12341748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12351748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12361748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12371748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12381748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12391748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12401748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12411748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12421748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12431748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12441748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12451748.1d24: supR3HardenedDllNotificationCallback: load 000007fef7b80000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
12461748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12471748.1d24: supR3HardenedDllNotificationCallback: load 000007feff0d0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
12481748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
12491748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12501748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12511748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12521748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12531748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12541748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12551748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12561748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12571748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12581748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12591748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12601748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12611748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12621748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12631748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12641748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12651748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12661748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12671748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12681748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12691748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12701748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12711748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12721748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12731748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12741748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12751748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12761748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12771748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12781748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12791748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
12801748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12811748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12821748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
12831748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
12841748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd550000 'C:\Windows\system32\profapi.dll'
12851748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
12861748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12871748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12881748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
12891748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
12901748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12911748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12921748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12931748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12941748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12951748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12961748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12971748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12981748.1d24: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12991748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
13001748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13011748.1d24: supR3HardenedDllNotificationCallback: load 000007fefee00000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
13021748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13031748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee00000 'C:\Windows\system32\SHLWAPI.dll'
13041748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
13051748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000907180
13061748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13071748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
13081748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
13091748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13101748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
13111748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
13121748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
13131748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
13141748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13151748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
13161748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\ADVAPI32.dll'
13171748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
13181748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
13191748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
13201748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
13211748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
13221748.1d24: g_pfnWinVerifyTrust=000007fefd781010
13231748.1d24: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
13241748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
13251748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13261748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13271748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF258E1DA85AD69891395F6F7501E1D54F2DFED8
13281748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB2868626~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13291748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13301748.1d24: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13311748.1d24: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
13321748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
13331748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13341748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13351748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
13361748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13371748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13381748.1d24: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13391748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13401748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13411748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13421748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
13431748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
13441748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13451748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
13461748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
13471748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13481748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13491748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
13501748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
13511748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13521748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
13531748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
13541748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13551748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13561748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
13571748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
13581748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13591748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
13601748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
13611748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13621748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13631748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
13641748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
13651748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13661748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
13671748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
13681748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13691748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13701748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
13711748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
13721748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13731748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
13741748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
13751748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13761748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13771748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
13781748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
13791748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13801748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
13811748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
13821748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
13831748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13841748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13851748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
13861748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
13871748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13881748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
13891748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
13901748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13911748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
13921748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D68DA0EBD4E0AA6C401CF7C54CEA904099DD3933
13931748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB2992611~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
13941748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13951748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
13961748.1d24: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
13971748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\nvinitx.dll
13981748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
13991748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14001748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=17C33C068D11D610304E3607D9DE6F23714F268F
14011748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem86.CAT'; file='\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
14021748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
14031748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
14041748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
14051748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14061748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14071748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
14081748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
14091748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14101748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
14111748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
14121748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14131748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14141748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
14151748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
14161748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14171748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
14181748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
14191748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14201748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14211748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
14221748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
14231748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14241748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
14251748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
14261748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14271748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14281748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
14291748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
14301748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14311748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
14321748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
14331748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14341748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14351748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
14361748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
14371748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14381748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
14391748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
14401748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14411748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14421748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
14431748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
14441748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14451748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
14461748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
14471748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14481748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14491748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
14501748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
14511748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14521748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
14531748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
14541748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14551748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14561748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
14571748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
14581748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14591748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
14601748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
14611748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14621748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14631748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
14641748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
14651748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14661748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
14671748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
14681748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14691748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14701748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
14711748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
14721748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14731748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
14741748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
14751748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
14761748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14771748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14781748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
14791748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
14801748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14811748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
14821748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14831748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14841748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14851748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
14861748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
14871748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14881748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
14891748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
14901748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14911748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14921748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
14931748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
14941748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14951748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
14961748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
14971748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
14981748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
14991748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
15001748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
15011748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15021748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
15031748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
15041748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15051748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
15061748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
15071748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
15081748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
15091748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15101748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
15111748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
15121748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
15131748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
15141748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
15151748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
15161748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15171748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
15181748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
15191748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006132d0:C:\Windows\system32 [calling]
15201748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd600000 'C:\Windows\system32\crypt32.dll'
15211748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x931b1e57191b900 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
15221748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
15231748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
15241748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
15251748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15261748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x3b163587ee55bd00 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
15271748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
15281748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x24af7ef66de39b00 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
15291748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
15301748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x330a63011bf0c600 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
15311748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
15321748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
15331748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
15341748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
15351748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
15361748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
15371748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
15381748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
15391748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
15401748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15411748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
15421748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
15431748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
15441748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
15451748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15461748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
15471748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15481748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
15491748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
15501748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
15511748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
15521748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
15531748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15541748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
15551748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
15561748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
15571748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
15581748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
15591748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
15601748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
15611748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
15621748.1d24: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
15631748.1d24: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
15641748.1d24: SUPR3HardenedMain: Load Runtime...
15651748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15661748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
15671748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
15681748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
15691748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
15701748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15711748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15721748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15731748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15741748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15751748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15761748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15771748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
15781748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
15791748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
15801748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
15811748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15821748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15831748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
15841748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
15851748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
15861748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15871748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15881748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15891748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15901748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
15911748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15921748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15931748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15941748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
15951748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15961748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15971748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15981748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15991748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
16001748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
16011748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
16021748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
16031748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
16041748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
16051748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
16061748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16071748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
16081748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
16091748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16101748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16111748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
16121748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16131748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16141748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
16151748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
16161748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16171748.1d24: supR3HardenedDllNotificationCallback: load 000007fee16e0000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
16181748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16191748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16201748.1d24: supR3HardenedDllNotificationCallback: load 00000000586f0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
16211748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16221748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16231748.1d24: supR3HardenedDllNotificationCallback: load 00000000578e0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
16241748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16251748.1d24: supR3HardenedDllNotificationCallback: load 000007feff4d0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
16261748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
16271748.1d24: supR3HardenedDllNotificationCallback: load 000007feff520000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
16281748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
16291748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16301748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
16311748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16321748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16331748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
16341748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16351748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16361748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
16371748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16381748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16391748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
16401748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16411748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16421748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
16431748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16441748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16451748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
16461748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16471748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16481748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16491748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16501748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16511748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16521748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16531748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16541748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16551748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
16561748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16571748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16581748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16591748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16601748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16611748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16621748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16631748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16641748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16651748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16661748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16671748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16681748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16691748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16701748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16711748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16721748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16731748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092d370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32\NV;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\apache-ant-1.8.3\bin;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\doxygen\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\pgAdmin III\1.16;C:\Program Files\Oracle\VirtualBox;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Git-tf;C:\Program Files (x86)\Git\cmd;C:\Program Files\kdiff3;;.;;.;;.; [calling]
16741748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16751748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16761748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16771748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16781748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
16791748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000918120:C:\Windows\system32 [calling]
16801748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\Wintrust.dll'
16811748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
16821748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000918120:C:\Windows\system32 [calling]
16831748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd600000 'C:\Windows\system32\crypt32.dll'
16841748.1d24: SUPR3HardenedMain: Load TrustedMain...
16851748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
16861748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
16871748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
16881748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
16891748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
16901748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
16911748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
16921748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
16931748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
16941748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
16951748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
16961748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
16971748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
16981748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
16991748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
17001748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
17011748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
17021748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17031748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
17041748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
17051748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
17061748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
17071748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
17081748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
17091748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
17101748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17111748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17121748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17131748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
17141748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
17151748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
17161748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
17171748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
17181748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
17191748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
17201748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
17211748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
17221748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17231748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17241748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
17251748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17261748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
17271748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
17281748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
17291748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
17301748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
17311748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17321748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17331748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17341748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
17351748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
17361748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59C9A3379D97CB80EFB9D9152AF4E0240DDF8B29
17371748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3006226~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
17381748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17391748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17401748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17411748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17421748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17431748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
17441748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
17451748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17461748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17471748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17481748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
17491748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
17501748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
17511748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
17521748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
17531748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17541748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17551748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
17561748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
17571748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17581748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
17591748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
17601748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17611748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17621748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
17631748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
17641748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
17651748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D11B9B481EE916E64C94F8ECA71C2995A2999B7
17661748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2980245~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
17671748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17681748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17691748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
17701748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
17711748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
17721748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
17731748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
17741748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17751748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17761748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17771748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17781748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17791748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
17801748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17811748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17821748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
17831748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
17841748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
17851748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
17861748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
17871748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
17881748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
17891748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
17901748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
17911748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
17921748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
17931748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
17941748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
17951748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
17961748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
17971748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
17981748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
17991748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
18001748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
18011748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18021748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
18031748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
18041748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
18051748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
18061748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
18071748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
18081748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18091748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
18101748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
18111748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
18121748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
18131748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
18141748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
18151748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18161748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18171748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18181748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18191748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
18201748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18211748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
18221748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
18231748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
18241748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
18251748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18261748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18271748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18281748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18291748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18301748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18311748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18321748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18331748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18341748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18351748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18361748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
18371748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
18381748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
18391748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
18401748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
18411748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18421748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18431748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18441748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
18451748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
18461748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
18471748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18481748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
18491748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18501748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18511748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
18531748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
18541748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
18551748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
18561748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
18571748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
18581748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
18591748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18601748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18611748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18621748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
18631748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
18641748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
18651748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
18661748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
18671748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18681748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
18691748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
18701748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
18711748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
18721748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
18731748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
18741748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
18751748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18761748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18771748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
18781748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18791748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
18801748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
18811748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18821748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18831748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18841748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18851748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18861748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18871748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18881748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18891748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18901748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18911748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18921748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18931748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18941748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18951748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18961748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18971748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18981748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18991748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19001748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19011748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19021748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19031748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19041748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19051748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19061748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19071748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19081748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
19091748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19101748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19111748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
19121748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19131748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19141748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19151748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19161748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19171748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19181748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19191748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19201748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19211748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19221748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
19231748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
19241748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
19251748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
19261748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
19271748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
19281748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
19291748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19301748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19311748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
19321748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19331748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
19341748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
19351748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19361748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19371748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19381748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19391748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19401748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
19411748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19421748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19431748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19441748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
19451748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
19461748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
19471748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19481748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19491748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19501748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19511748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19531748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19541748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
19551748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19561748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19571748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19581748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19591748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19601748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19611748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19621748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19631748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
19641748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
19651748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
19661748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
19671748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19681748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19691748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19701748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19711748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19721748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19731748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
19741748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19751748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19761748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19771748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19781748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19791748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19801748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
19811748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19821748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19831748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19841748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19851748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19861748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19871748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
19881748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19891748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19901748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19911748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19921748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19931748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19941748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19951748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19961748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19971748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19981748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19991748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20001748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20011748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20021748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20031748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20041748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20051748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20061748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
20071748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
20081748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
20091748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
20101748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
20111748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
20121748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
20131748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20141748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20151748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20161748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20171748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
20181748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
20191748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20201748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20211748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20221748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20231748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20241748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20251748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20261748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20271748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20281748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20291748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20301748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20311748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20321748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20331748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20341748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20351748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20361748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20371748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20381748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20391748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20401748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20411748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20421748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20431748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20441748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20451748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20461748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20471748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20481748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20491748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
20501748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20511748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
20531748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
20541748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20551748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
20561748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
20571748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
20581748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
20591748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20601748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20611748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20621748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20631748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
20641748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20651748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
20661748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
20671748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000524 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
20681748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
20691748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
20701748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
20711748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
20721748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20731748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
20741748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
20751748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
20761748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
20771748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
20781748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
20791748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
20801748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
20811748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
20821748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20831748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20841748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
20851748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
20861748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
20871748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
20881748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
20891748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
20901748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
20911748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20921748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20931748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
20941748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20951748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
20961748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
20971748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20981748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20991748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21001748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21011748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21021748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21031748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21041748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21051748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21061748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21071748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
21081748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
21091748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000530 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
21101748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
21111748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
21121748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
21131748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
21141748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21151748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21161748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
21171748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
21181748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
21191748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21201748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21211748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21221748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21231748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21241748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21251748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21261748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21271748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21281748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21291748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21301748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21311748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21321748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
21331748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
21341748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
21351748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
21361748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
21371748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21381748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21391748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
21401748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21411748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
21421748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
21431748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21441748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21451748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21461748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21471748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21481748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21491748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21501748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21511748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21531748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21541748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21551748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21561748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21571748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
21581748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21591748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21601748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21611748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
21621748.1d24: supR3HardenedDllNotificationCallback: load 000007fee0e60000 LB 0x00873000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
21631748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
21641748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21651748.1d24: supR3HardenedDllNotificationCallback: load 000007fee1e30000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
21661748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21671748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
21681748.1d24: supR3HardenedDllNotificationCallback: load 000007fee1e00000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
21691748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
21701748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
21711748.1d24: supR3HardenedDllNotificationCallback: load 000007fee3f90000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
21721748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
21731748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
21741748.1d24: supR3HardenedDllNotificationCallback: load 000007fee3f80000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
21751748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
21761748.1d24: supR3HardenedDllNotificationCallback: load 000007fefec20000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
21771748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
21781748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd7d0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
21791748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
21801748.1d24: supR3HardenedDllNotificationCallback: load 000007feff3d0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
21811748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21821748.1d24: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
21831748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21841748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd8e0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
21851748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
21861748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
21871748.1d24: supR3HardenedDllNotificationCallback: load 000007fefb640000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
21881748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
21891748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
21901748.1d24: supR3HardenedDllNotificationCallback: load 0000000057600000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
21911748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
21921748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
21931748.1d24: supR3HardenedDllNotificationCallback: load 0000000056c90000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
21941748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
21951748.1d24: supR3HardenedDllNotificationCallback: load 000007feff7c0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
21961748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
21971748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
21981748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
21991748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22001748.1d24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
22011748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
22021748.1d24: supR3HardenedDllNotificationCallback: load 000007fef9e10000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
22031748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
22041748.1d24: supR3HardenedDllNotificationCallback: load 000007fefde90000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
22051748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22061748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
22071748.1d24: supR3HardenedDllNotificationCallback: load 000007fefb910000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
22081748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
22091748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
22101748.1d24: supR3HardenedDllNotificationCallback: load 000007fefb290000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
22111748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
22121748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
22131748.1d24: supR3HardenedDllNotificationCallback: load 0000000056b80000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
22141748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
22151748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
22161748.1d24: supR3HardenedDllNotificationCallback: load 0000000056aa0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
22171748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
22181748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
22191748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
22201748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
22211748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
22221748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
22231748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22241748.1d24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
22251748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
22261748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22271748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22281748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22291748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22301748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22311748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22321748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948890:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22331748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'C:\Windows\system32\imm32.dll'
22341748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0e60000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
22351748.1d24: SUPR3HardenedMain: Calling TrustedMain (000007fee0e61ca0)...
22361748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
22371748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22381748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
22391748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22401748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
22411748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
22421748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
22431748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
22441748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22451748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22461748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
22471748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
22481748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
22491748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22501748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22511748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22531748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22541748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22551748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22561748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f12d0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22571748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22581748.1d24: supR3HardenedDllNotificationCallback: load 000007fefba00000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
22591748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22601748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba00000 'C:\Windows\system32\uxtheme.dll'
22611748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22621748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f12d0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22631748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba00000 'C:\Windows\system32\uxtheme.dll'
22641748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22651748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f1380:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22661748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba00000 'C:\Windows\system32\uxtheme.dll'
22671748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22681748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f1380:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22691748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba00000 'C:\Windows\system32\uxtheme.dll'
22701748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
22711748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22721748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\dwmapi.dll'
22731748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
22741748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22751748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'C:\Windows\system32\CRYPTBASE.dll'
22761748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22771748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22781748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde90000 'C:\Windows\system32\shell32.dll'
22791748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
22801748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22811748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077670000 'C:\Windows\system32\kernel32.dll'
22821748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22831748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22841748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba00000 'C:\Windows\system32\uxtheme.dll'
22851748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22861748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22871748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba00000 'C:\Windows\system32\uxtheme.dll'
22881748.1d24: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll)
22891748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22901748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
22911748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\user32.dll'
22921748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22931748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22941748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba00000 'C:\Windows\system32\uxtheme.dll'
22951748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\user32.dll'
22961748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\advapi32.dll'
22971748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
22981748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22991748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8b0000 'C:\Windows\system32\userenv.dll'
23001748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
23011748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23021748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077670000 'C:\Windows\system32\kernel32.dll'
23031748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
23041748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
23051748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
23061748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
23071748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
23081748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23091748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23101748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
23111748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23121748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23131748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23141748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
23151748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
23161748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
23171748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23181748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23191748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23201748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23211748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23221748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23231748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23241748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
23251748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23261748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23271748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23281748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23291748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23301748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23311748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23321748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
23331748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23341748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
23351748.1d24: supR3HardenedDllNotificationCallback: load 000007feff720000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
23361748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
23371748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff720000 'C:\Windows\system32\CLBCatQ.DLL'
23381748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\ADVAPI32.dll'
23391748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
23401748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948f50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23411748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPTSP.dll'
23421748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000644 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
23431748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
23441748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
23451748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
23461748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
23471748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23481748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
23491748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
23501748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
23511748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23531748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948f50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23541748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
23551748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd460000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
23561748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
23571748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\Windows\system32\RpcRtRemote.dll'
23581748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23591748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f14e0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23601748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3d0000 'C:\Windows\system32\oleaut32.dll'
23611748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000664 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
23621748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
23631748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
23641748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
23651748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
23661748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23671748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)WinVerifyTrust
23681748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
23691748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009492b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23701748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
23711748.1d24: supR3HardenedDllNotificationCallback: load 000007fefd3c0000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
23721748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
23731748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3c0000 'C:\Windows\system32\SXS.DLL'
23741748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\ADVAPI32.dll'
23751748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23761748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000949580:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23771748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3d0000 'C:\Windows\system32\OLEAUT32.dll'
23781748.1d24: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll)
23791748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000949580:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23801748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
23811748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\Windows\system32\gdi32.dll'
23821748.11b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23831748.11b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23841748.11b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23851748.11b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23861748.11b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
23871748.11b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
23881748.11b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
23891748.11b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
23901748.11b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
23911748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23921748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23931748.11b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23941748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23951748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23961748.11b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23971748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23981748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23991748.11b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24001748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24011748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24021748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24031748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24041748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24051748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24061748.11b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
24071748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24081748.11b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24091748.11b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b41820:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24101748.11b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24111748.11b8: supR3HardenedDllNotificationCallback: load 000007fee06a0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
24121748.11b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24131748.11b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee06a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
24141748.bc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24151748.bc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24161748.bc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
24171748.bc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
24181748.bc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24191748.bc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24201748.bc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24211748.bc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24221748.bc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16170:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24231748.bc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
24241748.bc8: supR3HardenedDllNotificationCallback: load 000007fee3850000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
24251748.bc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
24261748.bc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3850000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
24271748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
24281748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16170:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24291748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\user32.dll'
24301748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24311748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000949340:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24321748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde90000 'C:\Windows\system32\shell32.dll'
24331748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
24341748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
24351748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
24361748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
24371748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24381748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll)WinVerifyTrust
24391748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
24401748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24411748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24421748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24431748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24441748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24451748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24461748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24471748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24481748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24491748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24501748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24511748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24531748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000033ded00:C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24541748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
24551748.1d24: supR3HardenedDllNotificationCallback: load 0000000010000000 LB 0x00065000 C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll [fFlags=0x0]
24561748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
24571748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009cc pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
24581748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
24591748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
24601748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
24611748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
24621748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24631748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)WinVerifyTrust
24641748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
24651748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\PSAPI.DLL (Input=PSAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24661748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
24671748.1d24: supR3HardenedDllNotificationCallback: load 0000000077950000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
24681748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
24691748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077950000 'C:\Windows\system32\PSAPI.DLL'
24701748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000010000000 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
24711748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\ADVAPI32.dll'
24721748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24731748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24741748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\ole32.dll'
24751748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
24761748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f1900:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24771748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff860000 'C:\Windows\system32\MSCTF.dll'
24781748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\ole32.dll'
24791748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3d0000 'C:\Windows\system32\OLEAUT32.dll'
24801748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24811748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
24821748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
24831748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
24841748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
24851748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24861748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24871748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
24881748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24891748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24901748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
24911748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
24921748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
24931748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24941748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24951748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24961748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24971748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24981748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24991748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25001748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25011748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25021748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25031748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25041748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25051748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a00 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25061748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
25071748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
25081748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
25091748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
25101748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25111748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25121748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
25131748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
25141748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25151748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
25161748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
25171748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25181748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25191748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25201748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25211748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25221748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25231748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25241748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25251748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25261748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25271748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25281748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25291748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25301748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25311748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009367b0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25321748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25331748.1d24: supR3HardenedDllNotificationCallback: load 000007fef9eb0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
25341748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25351748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25361748.1d24: supR3HardenedDllNotificationCallback: load 000007fefa1f0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
25371748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25381748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9eb0000 'C:\Windows\system32\wbem\wbemprox.dll'
25391748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a24 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25401748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
25411748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
25421748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
25431748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
25441748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25451748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25461748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
25471748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
25481748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25491748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25501748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25511748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25521748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25531748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009373b0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25541748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25551748.1d24: supR3HardenedDllNotificationCallback: load 000007fef5fe0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
25561748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25571748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5fe0000 'C:\Windows\system32\wbem\wbemsvc.dll'
25581748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a28 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
25591748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
25601748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
25611748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
25621748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
25631748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25641748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25651748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
25661748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
25671748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
25681748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25691748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
25701748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
25711748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
25721748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
25731748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
25741748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a08 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
25751748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
25761748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
25771748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
25781748.1d24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
25791748.1d24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25801748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25811748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
25821748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
25831748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll)WinVerifyTrust
25841748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
25851748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25861748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25871748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25881748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25891748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25901748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25911748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25921748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25931748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25941748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25951748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25961748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25971748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25981748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25991748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26001748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26011748.1d24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
26021748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26031748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26041748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009367b0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26051748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26061748.1d24: supR3HardenedDllNotificationCallback: load 000007fefa280000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
26071748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26081748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
26091748.1d24: supR3HardenedDllNotificationCallback: load 000007fefa1c0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
26101748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
26111748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa280000 'C:\Windows\system32\wbem\fastprox.dll'
26121748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3d0000 'C:\Windows\system32\OLEAUT32.dll'
26131748.1d24: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll' [redir]
26141748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
26151748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004b16a70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26161748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9e10000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
26171748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3d0000 'C:\Windows\system32\OLEAUT32.DLL'
26181748.e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26191748.e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
26201748.e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26211748.e20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
26221748.e20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26231748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26241748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26251748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
26261748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
26271748.e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
26281748.e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26291748.e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
26301748.e20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
26311748.e20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26321748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26331748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26341748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26351748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26361748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26371748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26381748.e20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26391748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26401748.e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26411748.e20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26421748.e20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26431748.e20: supR3HardenedDllNotificationCallback: load 000007fee0030000 LB 0x00260000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
26441748.e20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26451748.e20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26461748.e20: supR3HardenedDllNotificationCallback: load 00000000579b0000 LB 0x00109000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
26471748.e20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26481748.e20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0030000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26491748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af4 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
26501748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
26511748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
26521748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
26531748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
26541748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26551748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
26561748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26571748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
26581748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
26591748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
26601748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
26611748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
26621748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
26631748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll)WinVerifyTrust
26641748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
26651748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
26661748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
26671748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae4 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26681748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
26691748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
26701748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
26711748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
26721748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26731748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26741748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
26751748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
26761748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
26771748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
26781748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26791748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26801748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26811748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
26821748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26831748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26841748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26851748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26861748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26871748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26881748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26891748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26901748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26911748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26921748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
26931748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
26941748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
26951748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26961748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26971748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
26981748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
26991748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad0 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
27001748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
27011748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
27021748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
27031748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
27041748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27051748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27061748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
27071748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
27081748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)WinVerifyTrust
27091748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27101748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27111748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27121748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
27131748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27141748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27151748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27161748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27171748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
27181748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27191748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27201748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27211748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27221748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f1f30:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27231748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
27241748.928: supR3HardenedDllNotificationCallback: load 000007fef7920000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
27251748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
27261748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27271748.928: supR3HardenedDllNotificationCallback: load 000007fef96c0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
27281748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27291748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27301748.928: supR3HardenedDllNotificationCallback: load 000007fef96b0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
27311748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27321748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7920000 'C:\Windows\system32\netcfgx.dll'
27331748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27341748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27351748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec20000 'C:\Windows\system32\SETUPAPI.dll'
27361748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27371748.928: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
27381748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
27391748.928: supR3HardenedDllNotificationCallback: load 000007fefc7e0000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
27401748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
27411748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b04 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
27421748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
27431748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
27441748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
27451748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
27461748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27471748.928: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
27481748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
27491748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27501748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27511748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27521748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\WINTRUST.dll'
27531748.1ddc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27541748.1ddc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27551748.1ddc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27561748.1ddc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27571748.1ddc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
27581748.1ddc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27591748.1ddc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27601748.1ddc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27611748.1ddc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27621748.1ddc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27631748.1ddc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27641748.1ddc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27651748.1ddc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27661748.1ddc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27671748.1ddc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27681748.1ddc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27691748.1ddc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27701748.1ddc: supR3HardenedDllNotificationCallback: load 000007fefafa0000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
27711748.1ddc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27721748.1ddc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
27731748.1140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27741748.1140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27751748.1140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
27761748.1140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27771748.1140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27781748.1140: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27791748.1140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27801748.1140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27811748.1140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27821748.1140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27831748.1140: supR3HardenedDllNotificationCallback: load 000007fefaf20000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
27841748.1140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27851748.1140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
27861748.2268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27871748.2268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27881748.2268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27891748.2268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
27901748.2268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
27911748.2268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27921748.2268: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27931748.2268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27941748.2268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27951748.2268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
27961748.2268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27971748.2268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27981748.2268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27991748.2268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28001748.2268: supR3HardenedDllNotificationCallback: load 000007fefaeb0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
28011748.2268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28021748.2268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaeb0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
28031748.15e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28041748.15e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28051748.15e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28061748.15e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
28071748.15e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28081748.15e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28091748.15e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28101748.15e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28111748.15e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28121748.15e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
28131748.15e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28141748.15e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28151748.15e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28161748.15e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28171748.15e4: supR3HardenedDllNotificationCallback: load 000007fefaf10000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
28181748.15e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28191748.15e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf10000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
28201748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28211748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28221748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0030000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28231748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28241748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28251748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28261748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28271748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28281748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll)WinVerifyTrust
28291748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28301748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28311748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28321748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
28331748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28341748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28351748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28361748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28371748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28381748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28391748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28401748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28411748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
28421748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28431748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28441748.928: supR3HardenedDllNotificationCallback: load 000007fef74d0000 LB 0x00031000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
28451748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28461748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef74d0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
28471748.928: supR3HardenedDllNotificationCallback: Unload 000007fef74d0000 LB 0x00031000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
28481748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28491748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28501748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28511748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
28521748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
28531748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28541748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
28551748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
28561748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
28571748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
28581748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
28591748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
28601748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
28611748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
28621748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28631748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28641748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28651748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28661748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28671748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
28681748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28691748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28701748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28711748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28721748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28731748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
28741748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
28751748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28761748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28771748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28781748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
28791748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28801748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
28811748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
28821748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28831748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28841748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28851748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
28861748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
28871748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
28881748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
28891748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28901748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28911748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28921748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28931748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28941748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28951748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28961748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28971748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28981748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28991748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
29001748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
29011748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c70 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
29021748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
29031748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
29041748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
29051748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
29061748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29071748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29081748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29091748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
29101748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
29111748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
29121748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
29131748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
29141748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust
29151748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
29161748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29171748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29181748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29191748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29201748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29211748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29221748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29231748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29241748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29251748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29261748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29271748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29281748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29291748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29301748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29311748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29321748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29331748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29341748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29351748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
29361748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
29371748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
29381748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
29391748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
29401748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29411748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29421748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29431748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29441748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29451748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29461748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29471748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29481748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29491748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29501748.928: supR3HardenedDllNotificationCallback: load 000007fedd890000 LB 0x008cc000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
29511748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29521748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29531748.928: supR3HardenedDllNotificationCallback: load 000007fee0da0000 LB 0x0005f000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
29541748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29551748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
29561748.928: supR3HardenedDllNotificationCallback: load 000007fee0e00000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
29571748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
29581748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29591748.928: supR3HardenedDllNotificationCallback: load 000007fef74d0000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
29601748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29611748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedd890000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
29621748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29631748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29641748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29651748.928: supR3HardenedDllNotificationCallback: load 000007fef81b0000 LB 0x00031000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
29661748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29671748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef81b0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
29681748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
29691748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29701748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
29711748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee06a0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
29721748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29731748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29741748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29751748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef74d0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
29761748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29771748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29781748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll)WinVerifyTrust
29791748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29801748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29811748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29821748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29831748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29841748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29851748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29861748.928: supR3HardenedDllNotificationCallback: load 000007fef7640000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
29871748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29881748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7640000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
29891748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29901748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29911748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll)WinVerifyTrust
29921748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29931748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29941748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29951748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29961748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29971748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29981748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29991748.928: supR3HardenedDllNotificationCallback: load 000007fef7860000 LB 0x00016000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
30001748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
30011748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7860000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
30021748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30031748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30041748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll)WinVerifyTrust
30051748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30061748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30071748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30081748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30091748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30101748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30111748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30121748.928: supR3HardenedDllNotificationCallback: load 000007fef6d80000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
30131748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30141748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6d80000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
30151748.1a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30161748.1a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30171748.1a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30181748.1a48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
30191748.1a48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30201748.1a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30211748.1a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30221748.1a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30231748.1a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30241748.1a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30251748.1a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30261748.1a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30271748.1a48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30281748.1a48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30291748.1a48: supR3HardenedDllNotificationCallback: load 000007fef74c0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
30301748.1a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30311748.1a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef74c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
30321748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30331748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30341748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll)WinVerifyTrust
30351748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30361748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30371748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30381748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30391748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30401748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30411748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30421748.928: supR3HardenedDllNotificationCallback: load 000007fee3840000 LB 0x00008000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
30431748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30441748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3840000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
30451748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
30461748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30471748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
30481748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96c0000 'C:\Windows\system32/Iphlpapi.dll'
30491748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dfc pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
30501748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
30511748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
30521748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
30531748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
30541748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30551748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30561748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
30571748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
30581748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
30591748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)WinVerifyTrust
30601748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
30611748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
30621748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
30631748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
30641748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30651748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30661748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30671748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30681748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30691748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30701748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30711748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
30721748.928: supR3HardenedDllNotificationCallback: load 000007fef94c0000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
30731748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
30741748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94c0000 'C:\Windows\system32\dhcpcsvc.DLL'
30751748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
30761748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30771748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96c0000 'C:\Windows\system32\IPHLPAPI.DLL'
30781748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e00 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
30791748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
30801748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
30811748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
30821748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
30831748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30841748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30851748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
30861748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
30871748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)WinVerifyTrust
30881748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
30891748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30901748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30911748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30921748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30931748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30941748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30951748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30961748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
30971748.928: supR3HardenedDllNotificationCallback: load 000007fef94a0000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
30981748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
30991748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\dhcpcsvc6.DLL'
31001748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
31011748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31021748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96c0000 'C:\Windows\system32\IPHLPAPI.DLL'
31031748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e78 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
31041748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
31051748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
31061748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
31071748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
31081748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31091748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31101748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
31111748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31121748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
31131748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
31141748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
31151748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll)WinVerifyTrust
31161748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
31171748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
31181748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
31191748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e7c pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
31201748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
31211748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
31221748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
31231748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
31241748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31251748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31261748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
31271748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
31281748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)WinVerifyTrust
31291748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31301748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31311748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31321748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31331748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31341748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31351748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
31361748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31371748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31381748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31391748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31401748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31411748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31421748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31431748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31441748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
31451748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31461748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31471748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31481748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31491748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f1590:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31501748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31511748.928: supR3HardenedDllNotificationCallback: load 000007fefb950000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
31521748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31531748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31541748.928: supR3HardenedDllNotificationCallback: load 000007fefbda0000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
31551748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31561748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31571748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b16dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31581748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb950000 'C:\Windows\System32\dsound.dll'
31591748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb950000 'C:\Windows\System32\dsound.dll'
31601748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e8c pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31611748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
31621748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
31631748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
31641748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
31651748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31661748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31671748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
31681748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
31691748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
31701748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll)WinVerifyTrust
31711748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31721748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
31731748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
31741748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea4 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
31751748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
31761748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
31771748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
31781748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
31791748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31801748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31811748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
31821748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
31831748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
31841748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
31851748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll)WinVerifyTrust
31861748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
31871748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31881748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31891748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31901748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31911748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31921748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31931748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31941748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31951748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31961748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31971748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31981748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31991748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32001748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32011748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32021748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32031748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f1590:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32041748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32051748.928: supR3HardenedDllNotificationCallback: load 000007fefbd20000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
32061748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32071748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
32081748.928: supR3HardenedDllNotificationCallback: load 000007fefbb90000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
32091748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
32101748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\ADVAPI32.dll'
32111748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd20000 'C:\Windows\System32\MMDevApi.dll'
32121748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\ole32.dll'
32131748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
32141748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32151748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec20000 'C:\Windows\system32\SETUPAPI.dll'
32161748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
32171748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32181748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee00000 'C:\Windows\system32\SHLWAPI.dll'
32191748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32201748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32211748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd20000 'C:\Windows\system32\MMDEVAPI.DLL'
32221748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\ole32.dll'
32231748.1184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
32241748.1184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32251748.1184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7d0000 'C:\Windows\system32\CFGMGR32.dll'
32261748.1720: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee4 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32271748.1720: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
32281748.1720: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
32291748.1720: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7B264B3670B74C7A34AEDBA5E942385CDC0D1C9
32301748.1720: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB3005607~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
32311748.1720: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32321748.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32331748.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
32341748.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
32351748.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
32361748.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
32371748.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
32381748.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
32391748.1720: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll)WinVerifyTrust
32401748.1720: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32411748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32421748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32431748.1720: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32441748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32451748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32461748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32471748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32481748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
32491748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
32501748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32511748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32521748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32531748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32541748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32551748.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32561748.1720: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32571748.1720: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32581748.1720: supR3HardenedDllNotificationCallback: load 000007fefb310000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
32591748.1720: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32601748.1720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb310000 'C:\Windows\system32\AUDIOSES.DLL'
32611748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32621748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32631748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
32641748.928: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32651748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
32661748.928: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32671748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
32681748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff970000 'C:\Windows\system32\RPCRT4.dll'
32691748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32701748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32711748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd20000 'C:\Windows\system32\MMDevAPI.DLL'
32721748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f34 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32731748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
32741748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
32751748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
32761748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
32771748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32781748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32791748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
32801748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
32811748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
32821748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
32831748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
32841748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
32851748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
32861748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv)WinVerifyTrust
32871748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32881748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
32891748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
32901748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f38 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
32911748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
32921748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
32931748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
32941748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
32951748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32961748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll)WinVerifyTrust
32971748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
32981748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32991748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33001748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33011748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
33021748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
33031748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f3c pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
33041748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
33051748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
33061748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
33071748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
33081748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33091748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33101748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll)WinVerifyTrust
33111748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33121748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33131748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33141748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
33151748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33161748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33171748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
33181748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
33191748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33201748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33211748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33221748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33231748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33241748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33251748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33261748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33271748.928: supR3HardenedDllNotificationCallback: load 000007fefb050000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
33281748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33291748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33301748.928: supR3HardenedDllNotificationCallback: load 0000000075230000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
33311748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33321748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
33331748.928: supR3HardenedDllNotificationCallback: load 000007fefbcf0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
33341748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
33351748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33361748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33371748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33381748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33391748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33401748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b172e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33411748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33421748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33431748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33441748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33451748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33461748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33471748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33481748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33491748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33501748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33511748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33521748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17400:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33531748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33541748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33551748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33561748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33571748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33581748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33591748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33601748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33611748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33621748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33631748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33641748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33651748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb050000 'C:\Windows\system32\wdmaud.drv'
33661748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f64 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
33671748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
33681748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
33691748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
33701748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
33711748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33721748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33731748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
33741748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
33751748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
33761748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
33771748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv)WinVerifyTrust
33781748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33791748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33801748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33811748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33821748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
33831748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
33841748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f40 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
33851748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
33861748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
33871748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
33881748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
33891748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33901748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33911748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
33921748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
33931748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
33941748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
33951748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll)WinVerifyTrust
33961748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
33971748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33981748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33991748.928: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
34001748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34011748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34021748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34031748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34041748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34051748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34061748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34071748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34081748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34091748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34101748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34111748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34121748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34131748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34141748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34151748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34161748.928: supR3HardenedDllNotificationCallback: load 000007fefadd0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
34171748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34181748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
34191748.928: supR3HardenedDllNotificationCallback: load 000007fefadb0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
34201748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
34211748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34221748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34231748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34241748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34251748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34261748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34271748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34281748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34291748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34301748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34311748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34321748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34331748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34341748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34351748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34361748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34371748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34381748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34391748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34401748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34411748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34421748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\msacm32.drv'
34431748.928: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f68 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
34441748.928: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
34451748.928: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
34461748.928: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
34471748.928: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
34481748.928: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34491748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34501748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
34511748.928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
34521748.928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll)WinVerifyTrust
34531748.928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
34541748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34551748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34561748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34571748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34581748.928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34591748.928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34601748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34611748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34621748.928: supR3HardenedDllNotificationCallback: load 000007fefada0000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
34631748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34641748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\midimap.dll'
34651748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34661748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34671748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\midimap.dll'
34681748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34691748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34701748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\midimap.dll'
34711748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34721748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34731748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\midimap.dll'
34741748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34751748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34761748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34771748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34781748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\ole32.dll'
34791748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34801748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
34811748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34821748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34831748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34841748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34851748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34861748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34871748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34881748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34891748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34901748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34911748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34921748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34931748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34941748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\winmm.dll'
34951748.2150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
34961748.2150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f16f0:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34971748.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb310000 'C:\Windows\System32\audioses.dll'
34981748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0030000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
34991748.928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
35001748.928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35011748.928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
35021748.928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077670000 'C:\Windows\system32/kernel32.dll'
35031748.e20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3d0000 'C:\Windows\system32\OLEAUT32.dll'
35041748.16e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
35051748.16e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35061748.16e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcf0000 'C:\Windows\system32\avrt.dll'
35071748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
35081748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
35091748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
35101748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8E5754748E0E000AB425BF2AEB177780FB43945
35111748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2888049~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
35121748.22e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35131748.22e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35141748.22e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
35151748.22e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
35161748.22e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
35171748.22e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll)WinVerifyTrust
35181748.22e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
35191748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
35201748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
35211748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35221748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35231748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35241748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35251748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35261748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35271748.22e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35281748.22e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
35291748.22e4: supR3HardenedDllNotificationCallback: load 000007fefccd0000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
35301748.22e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
35311748.22e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccd0000 'C:\Windows\system32\mswsock.dll'
35321748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001030 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
35331748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000907180
35341748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000907180
35351748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
35361748.22e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
35371748.22e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35381748.22e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
35391748.22e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL)WinVerifyTrust
35401748.22e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
35411748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
35421748.22e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
35431748.22e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000948800:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35441748.22e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
35451748.22e4: supR3HardenedDllNotificationCallback: load 000007fefc610000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0]
35461748.22e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
35471748.22e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc610000 'C:\Windows\System32\wshtcpip.dll'
35481748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
35491748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b17a30:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35501748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\WINTRUST.DLL'
35511748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
35521748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000004b17a30:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35531748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd600000 'C:\Windows\system32\CRYPT32.dll'
35541748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Windows\system32\cryptnet.dll'
35551748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
35561748.1d24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
35571748.1d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll)WinVerifyTrust
35581748.1d24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
35591748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
35601748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
35611748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35621748.1d24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35631748.1d24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000033de8a0:C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35641748.1d24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
35651748.1d24: supR3HardenedDllNotificationCallback: load 0000000000fe0000 LB 0x00038000 C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll [fFlags=0x0]
35661748.1d24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
35671748.1d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000fe0000 'C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy