VirtualBox

Ticket #13713: VBoxStartup.log

File VBoxStartup.log, 329.9 KB (added by mkorning, 9 years ago)

latest VboxStartup.log from VirtualBox-4.3.26-98988-Win.exe

Line 
119c.4d8: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
219c.4d8: \SystemRoot\System32\ntdll.dll:
319c.4d8: CreationTime: 2014-11-10T15:54:07.131122600Z
419c.4d8: LastWriteTime: 2014-11-10T15:54:07.146722600Z
519c.4d8: ChangeTime: 2014-11-12T13:56:04.245310400Z
619c.4d8: FileAttributes: 0x20
719c.4d8: Size: 0x1a6dc0
819c.4d8: NT Headers: 0xe0
919c.4d8: Timestamp: 0x521eaf24
1019c.4d8: Machine: 0x8664 - amd64
1119c.4d8: Timestamp: 0x521eaf24
1219c.4d8: Image Version: 6.1
1319c.4d8: SizeOfImage: 0x1a9000 (1740800)
1419c.4d8: Resource Dir: 0x151000 LB 0x560d8
1519c.4d8: ProductName: Microsoft® Windows® Operating System
1619c.4d8: ProductVersion: 6.1.7601.18247
1719c.4d8: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
1819c.4d8: FileDescription: NT Layer DLL
1919c.4d8: \SystemRoot\System32\kernel32.dll:
2019c.4d8: CreationTime: 2014-11-10T14:45:33.466322600Z
2119c.4d8: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2219c.4d8: ChangeTime: 2014-11-12T13:56:04.885374400Z
2319c.4d8: FileAttributes: 0x20
2419c.4d8: Size: 0x11c000
2519c.4d8: NT Headers: 0xe8
2619c.4d8: Timestamp: 0x5315a059
2719c.4d8: Machine: 0x8664 - amd64
2819c.4d8: Timestamp: 0x5315a059
2919c.4d8: Image Version: 6.1
3019c.4d8: SizeOfImage: 0x11f000 (1175552)
3119c.4d8: Resource Dir: 0x116000 LB 0x528
3219c.4d8: ProductName: Microsoft® Windows® Operating System
3319c.4d8: ProductVersion: 6.1.7601.18409
3419c.4d8: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3519c.4d8: FileDescription: Windows NT BASE API Client DLL
3619c.4d8: \SystemRoot\System32\KernelBase.dll:
3719c.4d8: CreationTime: 2014-11-10T14:55:46.627322600Z
3819c.4d8: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3919c.4d8: ChangeTime: 2014-11-12T13:56:04.899375800Z
4019c.4d8: FileAttributes: 0x20
4119c.4d8: Size: 0x67c00
4219c.4d8: NT Headers: 0xe8
4319c.4d8: Timestamp: 0x5315a05a
4419c.4d8: Machine: 0x8664 - amd64
4519c.4d8: Timestamp: 0x5315a05a
4619c.4d8: Image Version: 6.1
4719c.4d8: SizeOfImage: 0x6c000 (442368)
4819c.4d8: Resource Dir: 0x6a000 LB 0x530
4919c.4d8: ProductName: Microsoft® Windows® Operating System
5019c.4d8: ProductVersion: 6.1.7601.18409
5119c.4d8: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
5219c.4d8: FileDescription: Windows NT BASE API Client DLL
5319c.4d8: \SystemRoot\System32\apisetschema.dll:
5419c.4d8: CreationTime: 2014-11-10T14:55:47.859722600Z
5519c.4d8: LastWriteTime: 2013-08-02T02:12:20.275000000Z
5619c.4d8: ChangeTime: 2014-11-10T16:23:46.810322600Z
5719c.4d8: FileAttributes: 0x20
5819c.4d8: Size: 0x1a00
5919c.4d8: NT Headers: 0xc0
6019c.4d8: Timestamp: 0x51fb15ca
6119c.4d8: Machine: 0x8664 - amd64
6219c.4d8: Timestamp: 0x51fb15ca
6319c.4d8: Image Version: 6.1
6419c.4d8: SizeOfImage: 0x50000 (327680)
6519c.4d8: Resource Dir: 0x30000 LB 0x3f8
6619c.4d8: ProductName: Microsoft® Windows® Operating System
6719c.4d8: ProductVersion: 6.1.7601.18229
6819c.4d8: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
6919c.4d8: FileDescription: ApiSet Schema DLL
7019c.4d8: Found driver avgtdia (0x100)
7119c.4d8: supR3HardenedWinFindAdversaries: 0x100
7219c.4d8: \SystemRoot\System32\drivers\avgrkx64.sys:
7319c.4d8: CreationTime: 2013-10-23T06:05:08.000000000Z
7419c.4d8: LastWriteTime: 2013-10-23T06:05:08.000000000Z
7519c.4d8: ChangeTime: 2015-02-06T18:12:26.583595600Z
7619c.4d8: FileAttributes: 0x20
7719c.4d8: Size: 0xb338
7819c.4d8: NT Headers: 0xd8
7919c.4d8: Timestamp: 0x5267006a
8019c.4d8: Machine: 0x8664 - amd64
8119c.4d8: Timestamp: 0x5267006a
8219c.4d8: Image Version: 6.1
8319c.4d8: SizeOfImage: 0xd000 (53248)
8419c.4d8: Resource Dir: 0xc000 LB 0x4c0
8519c.4d8: ProductName: AVG Internet Security
8619c.4d8: ProductVersion: 13.0.0.3450
8719c.4d8: FileVersion: 13.0.0.3450
8819c.4d8: SpecialBuild: AvgVC10_2013_1022_230739(3450), SVNRev b4d4546 (release/SmallUpdate2013-06)
8919c.4d8: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
9019c.4d8: FileDescription: AVG Anti-Rootkit Driver
9119c.4d8: \SystemRoot\System32\drivers\avgmfx64.sys:
9219c.4d8: CreationTime: 2013-07-01T06:45:28.000000000Z
9319c.4d8: LastWriteTime: 2013-07-01T06:45:28.000000000Z
9419c.4d8: ChangeTime: 2015-02-06T18:12:26.583595600Z
9519c.4d8: FileAttributes: 0x20
9619c.4d8: Size: 0x1c738
9719c.4d8: NT Headers: 0xd0
9819c.4d8: Timestamp: 0x51d0bf1d
9919c.4d8: Machine: 0x8664 - amd64
10019c.4d8: Timestamp: 0x51d0bf1d
10119c.4d8: Image Version: 6.1
10219c.4d8: SizeOfImage: 0x1f000 (126976)
10319c.4d8: Resource Dir: 0x1d000 LB 0x4d8
10419c.4d8: ProductName: AVG Internet Security
10519c.4d8: ProductVersion: 13.0.0.3382
10619c.4d8: FileVersion: 13.0.0.3382
10719c.4d8: SpecialBuild: AvgVC10_2013_0630_235517(3382), SVNRev 698e045 (release/SmallUpdate2013-05)
10819c.4d8: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
10919c.4d8: FileDescription: AVG Resident Shield Minifilter Driver
11019c.4d8: \SystemRoot\System32\drivers\avgidsdrivera.sys:
11119c.4d8: CreationTime: 2013-11-25T06:48:36.000000000Z
11219c.4d8: LastWriteTime: 2013-11-25T06:48:36.000000000Z
11319c.4d8: ChangeTime: 2015-02-06T18:12:26.552395500Z
11419c.4d8: FileAttributes: 0x20
11519c.4d8: Size: 0x3c138
11619c.4d8: NT Headers: 0xd8
11719c.4d8: Timestamp: 0x52929a87
11819c.4d8: Machine: 0x8664 - amd64
11919c.4d8: Timestamp: 0x52929a87
12019c.4d8: Image Version: 6.1
12119c.4d8: SizeOfImage: 0x43000 (274432)
12219c.4d8: Resource Dir: 0x41000 LB 0x598
12319c.4d8: ProductName: AVG Internet Security
12419c.4d8: ProductVersion: 13.0.0.3458
12519c.4d8: FileVersion: 13.0.0.3458
12619c.4d8: SpecialBuild: AvgVC10_2013_1124_235635(3458), SVNRev ad13232 (release/SmallUpdate2013-06)
12719c.4d8: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
12819c.4d8: FileDescription: IDS Application Activity Monitor Driver.
12919c.4d8: \SystemRoot\System32\drivers\avgidsha.sys:
13019c.4d8: CreationTime: 2013-07-20T06:50:56.000000000Z
13119c.4d8: LastWriteTime: 2013-07-20T06:50:56.000000000Z
13219c.4d8: ChangeTime: 2015-02-06T18:12:26.552395500Z
13319c.4d8: FileAttributes: 0x20
13419c.4d8: Size: 0x11738
13519c.4d8: NT Headers: 0xd8
13619c.4d8: Timestamp: 0x51e9cccc
13719c.4d8: Machine: 0x8664 - amd64
13819c.4d8: Timestamp: 0x51e9cccc
13919c.4d8: Image Version: 6.1
14019c.4d8: SizeOfImage: 0x15000 (86016)
14119c.4d8: Resource Dir: 0x13000 LB 0x5a8
14219c.4d8: ProductName: AVG Internet Security
14319c.4d8: ProductVersion: 13.0.0.3388
14419c.4d8: FileVersion: 13.0.0.3388
14519c.4d8: SpecialBuild: AvgVC10_2013_0719_235840(3388), SVNRev b6c9856 (release/SmallUpdate2013-05)
14619c.4d8: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
14719c.4d8: FileDescription: IDS Application Activity Monitor Helper Driver.
14819c.4d8: \SystemRoot\System32\drivers\avgtdia.sys:
14919c.4d8: CreationTime: 2014-10-17T20:34:46.000000000Z
15019c.4d8: LastWriteTime: 2014-10-17T20:34:46.000000000Z
15119c.4d8: ChangeTime: 2015-02-06T18:12:26.583595600Z
15219c.4d8: FileAttributes: 0x20
15319c.4d8: Size: 0x3ad38
15419c.4d8: NT Headers: 0xd8
15519c.4d8: Timestamp: 0x544118f4
15619c.4d8: Machine: 0x8664 - amd64
15719c.4d8: Timestamp: 0x544118f4
15819c.4d8: Image Version: 6.1
15919c.4d8: SizeOfImage: 0x3f000 (258048)
16019c.4d8: Resource Dir: 0x3d000 LB 0x508
16119c.4d8: ProductName: AVG Internet Security
16219c.4d8: ProductVersion: 13.0.0.3491
16319c.4d8: FileVersion: 13.0.0.3491
16419c.4d8: SpecialBuild: AvgVC10_2014_1017_135430(3491), SVNRev 904609031cc94b28fb1bdcace39081348987c40d (release/HotFix2013-18)
16519c.4d8: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
16619c.4d8: FileDescription: AVG Network connection watcher
16719c.4d8: \SystemRoot\System32\drivers\avgloga.sys:
16819c.4d8: CreationTime: 2013-07-20T06:51:00.000000000Z
16919c.4d8: LastWriteTime: 2013-07-20T06:51:00.000000000Z
17019c.4d8: ChangeTime: 2015-02-06T18:12:26.552395500Z
17119c.4d8: FileAttributes: 0x20
17219c.4d8: Size: 0x4c138
17319c.4d8: NT Headers: 0xd0
17419c.4d8: Timestamp: 0x51e9ccbc
17519c.4d8: Machine: 0x8664 - amd64
17619c.4d8: Timestamp: 0x51e9ccbc
17719c.4d8: Image Version: 6.1
17819c.4d8: SizeOfImage: 0x4e000 (319488)
17919c.4d8: Resource Dir: 0x4c000 LB 0x4b0
18019c.4d8: ProductName: AVG Internet Security
18119c.4d8: ProductVersion: 13.0.0.3388
18219c.4d8: FileVersion: 13.0.0.3388
18319c.4d8: SpecialBuild: AvgVC10_2013_0719_235840(3388), SVNRev b6c9856 (release/SmallUpdate2013-05)
18419c.4d8: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
18519c.4d8: FileDescription: AVG Logging Driver
18619c.4d8: \SystemRoot\System32\drivers\avgldx64.sys:
18719c.4d8: CreationTime: 2014-11-04T05:30:04.000000000Z
18819c.4d8: LastWriteTime: 2014-11-04T05:30:04.000000000Z
18919c.4d8: ChangeTime: 2015-02-06T18:12:26.552395500Z
19019c.4d8: FileAttributes: 0x20
19119c.4d8: Size: 0x33338
19219c.4d8: NT Headers: 0xd0
19319c.4d8: Timestamp: 0x54580cb7
19419c.4d8: Machine: 0x8664 - amd64
19519c.4d8: Timestamp: 0x54580cb7
19619c.4d8: Image Version: 6.1
19719c.4d8: SizeOfImage: 0x37000 (225280)
19819c.4d8: Resource Dir: 0x35000 LB 0x4f8
19919c.4d8: ProductName: AVG Internet Security
20019c.4d8: ProductVersion: 13.0.0.3494
20119c.4d8: FileVersion: 13.0.0.3494
20219c.4d8: SpecialBuild: AvgVC10_2014_1103_224628(3494), SVNRev 5014554899867ee5e408d33bd7ebe12631b8062d (release/HotFix2013-18)
20319c.4d8: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
20419c.4d8: FileDescription: AVG AVI Loader Driver
20519c.4d8: Calling main()
20619c.4d8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
20719c.4d8: SUPR3HardenedMain: Respawn #1
20819c.4d8: System32: \Device\HarddiskVolume2\Windows\System32
20919c.4d8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
21019c.4d8: KnownDllPath: C:\Windows\system32
21119c.4d8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
21219c.4d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
21319c.4d8: supR3HardNtEnableThreadCreation:
21419c.4d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f2c340 pvNtTerminateThread=0000000076f517e0
21519c.4d8: supR3HardenedWinDoReSpawn(1): New child d78.918 [kernel32].
21619c.4d8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
21719c.4d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076f00000 uNtDllChildAddr=0000000076f00000
21819c.4d8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f2c340
21919c.4d8: supR3HardenedWinSetupChildInit: Start child.
22019c.4d8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
22119c.4d8: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 60 sleeps
22219c.4d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
22319c.4d8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
22419c.4d8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
22519c.4d8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
22619c.4d8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
22719c.4d8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
22819c.4d8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
22919c.4d8: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
23019c.4d8: 0000000000051000-0000000000031fff 0x0001/0x0000 0x0000000
23119c.4d8: *0000000000070000-fffffffffff73fff 0x0000/0x0004 0x0020000
23219c.4d8: 000000000016c000-0000000000168fff 0x0104/0x0004 0x0020000
23319c.4d8: 000000000016f000-000000000016dfff 0x0004/0x0004 0x0020000
23419c.4d8: 0000000000170000-ffffffff893dffff 0x0001/0x0000 0x0000000
23519c.4d8: *0000000076f00000-0000000076efefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23619c.4d8: 0000000076f01000-0000000076dfefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23719c.4d8: 0000000077003000-0000000076fd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23819c.4d8: 0000000077032000-0000000077029fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23919c.4d8: 000000007703a000-0000000077038fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24019c.4d8: 000000007703b000-0000000077037fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24119c.4d8: 000000007703e000-0000000076fd2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24219c.4d8: 00000000770a9000-000000006f171fff 0x0001/0x0000 0x0000000
24319c.4d8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
24419c.4d8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
24519c.4d8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
24619c.4d8: 000000007fff0000-ffffffffc04dffff 0x0001/0x0000 0x0000000
24719c.4d8: *000000013fb00000-000000013fafefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
24819c.4d8: 000000013fb01000-000000013fa7cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
24919c.4d8: 000000013fb85000-000000013fb83fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25019c.4d8: 000000013fb86000-000000013fb48fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25119c.4d8: 000000013fbc3000-000000013fbc1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25219c.4d8: 000000013fbc4000-000000013fbc2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25319c.4d8: 000000013fbc5000-000000013fbc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25419c.4d8: 000000013fbc7000-000000013fbc5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25519c.4d8: 000000013fbc8000-000000013fbc6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25619c.4d8: 000000013fbc9000-000000013fbc4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25719c.4d8: 000000013fbcd000-000000013fb93fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
25819c.4d8: 000000013fc06000-fffff803805ebfff 0x0001/0x0000 0x0000000
25919c.4d8: *000007feff220000-000007feff21efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
26019c.4d8: 000007feff221000-000007fdfe491fff 0x0001/0x0000 0x0000000
26119c.4d8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
26219c.4d8: 000007fffffd3000-000007fffffcafff 0x0001/0x0000 0x0000000
26319c.4d8: *000007fffffdb000-000007fffffd9fff 0x0004/0x0004 0x0020000
26419c.4d8: 000007fffffdc000-000007fffffd9fff 0x0001/0x0000 0x0000000
26519c.4d8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
26619c.4d8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
26719c.4d8: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
26819c.4d8: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
26919c.4d8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
27019c.4d8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
27119c.4d8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
27219c.4d8: supR3HardNtChildPurify: Done after 544 ms and 0 fixes (loop #0).
273d78.918: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
274d78.918: supR3HardenedVmProcessInit: uNtDllAddr=0000000076f00000
275d78.918: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
276d78.918: New simple heap: #1 0000000000270000 LB 0x400000 (for 1740800 allocation)
27719c.4d8: supR3HardNtEnableThreadCreation:
278d78.918: System32: \Device\HarddiskVolume2\Windows\System32
279d78.918: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
280d78.918: KnownDllPath: C:\Windows\system32
281d78.918: supR3HardenedVmProcessInit: Opening vboxdrv stub...
282d78.918: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
283d78.918: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
284d78.918: Registered Dll notification callback with NTDLL.
285d78.918: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
286d78.918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
287d78.918: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
288d78.918: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
289d78.918: supR3HardenedDllNotificationCallback: load 0000000076ce0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
290d78.918: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
291d78.918: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
292d78.918: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
293d78.918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
294d78.918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ce0000 'C:\Windows\system32\kernel32.dll'
295d78.918: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f2c340 pvNtTerminateThread=0000000076f517e0
29619c.4d8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 47 ms.
297d78.918: \SystemRoot\System32\ntdll.dll:
298d78.918: CreationTime: 2014-11-10T15:54:07.131122600Z
299d78.918: LastWriteTime: 2014-11-10T15:54:07.146722600Z
300d78.918: ChangeTime: 2014-11-12T13:56:04.245310400Z
301d78.918: FileAttributes: 0x20
302d78.918: Size: 0x1a6dc0
303d78.918: NT Headers: 0xe0
304d78.918: Timestamp: 0x521eaf24
305d78.918: Machine: 0x8664 - amd64
306d78.918: Timestamp: 0x521eaf24
307d78.918: Image Version: 6.1
308d78.918: SizeOfImage: 0x1a9000 (1740800)
309d78.918: Resource Dir: 0x151000 LB 0x560d8
310d78.918: ProductName: Microsoft® Windows® Operating System
311d78.918: ProductVersion: 6.1.7601.18247
312d78.918: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
313d78.918: FileDescription: NT Layer DLL
314d78.918: \SystemRoot\System32\kernel32.dll:
315d78.918: CreationTime: 2014-11-10T14:45:33.466322600Z
316d78.918: LastWriteTime: 2014-03-04T09:44:00.336000000Z
317d78.918: ChangeTime: 2014-11-12T13:56:04.885374400Z
318d78.918: FileAttributes: 0x20
319d78.918: Size: 0x11c000
320d78.918: NT Headers: 0xe8
321d78.918: Timestamp: 0x5315a059
322d78.918: Machine: 0x8664 - amd64
323d78.918: Timestamp: 0x5315a059
324d78.918: Image Version: 6.1
325d78.918: SizeOfImage: 0x11f000 (1175552)
326d78.918: Resource Dir: 0x116000 LB 0x528
327d78.918: ProductName: Microsoft® Windows® Operating System
328d78.918: ProductVersion: 6.1.7601.18409
329d78.918: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
330d78.918: FileDescription: Windows NT BASE API Client DLL
331d78.918: \SystemRoot\System32\KernelBase.dll:
332d78.918: CreationTime: 2014-11-10T14:55:46.627322600Z
333d78.918: LastWriteTime: 2014-03-04T09:44:00.336000000Z
334d78.918: ChangeTime: 2014-11-12T13:56:04.899375800Z
335d78.918: FileAttributes: 0x20
336d78.918: Size: 0x67c00
337d78.918: NT Headers: 0xe8
338d78.918: Timestamp: 0x5315a05a
339d78.918: Machine: 0x8664 - amd64
340d78.918: Timestamp: 0x5315a05a
341d78.918: Image Version: 6.1
342d78.918: SizeOfImage: 0x6c000 (442368)
343d78.918: Resource Dir: 0x6a000 LB 0x530
344d78.918: ProductName: Microsoft® Windows® Operating System
345d78.918: ProductVersion: 6.1.7601.18409
346d78.918: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
347d78.918: FileDescription: Windows NT BASE API Client DLL
348d78.918: \SystemRoot\System32\apisetschema.dll:
349d78.918: CreationTime: 2014-11-10T14:55:47.859722600Z
350d78.918: LastWriteTime: 2013-08-02T02:12:20.275000000Z
351d78.918: ChangeTime: 2014-11-10T16:23:46.810322600Z
352d78.918: FileAttributes: 0x20
353d78.918: Size: 0x1a00
354d78.918: NT Headers: 0xc0
355d78.918: Timestamp: 0x51fb15ca
356d78.918: Machine: 0x8664 - amd64
357d78.918: Timestamp: 0x51fb15ca
358d78.918: Image Version: 6.1
359d78.918: SizeOfImage: 0x50000 (327680)
360d78.918: Resource Dir: 0x30000 LB 0x3f8
361d78.918: ProductName: Microsoft® Windows® Operating System
362d78.918: ProductVersion: 6.1.7601.18229
363d78.918: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
364d78.918: FileDescription: ApiSet Schema DLL
365d78.918: Found driver avgtdia (0x100)
366d78.918: supR3HardenedWinFindAdversaries: 0x100
367d78.918: \SystemRoot\System32\drivers\avgrkx64.sys:
368d78.918: CreationTime: 2013-10-23T06:05:08.000000000Z
369d78.918: LastWriteTime: 2013-10-23T06:05:08.000000000Z
370d78.918: ChangeTime: 2015-02-06T18:12:26.583595600Z
371d78.918: FileAttributes: 0x20
372d78.918: Size: 0xb338
373d78.918: NT Headers: 0xd8
374d78.918: Timestamp: 0x5267006a
375d78.918: Machine: 0x8664 - amd64
376d78.918: Timestamp: 0x5267006a
377d78.918: Image Version: 6.1
378d78.918: SizeOfImage: 0xd000 (53248)
379d78.918: Resource Dir: 0xc000 LB 0x4c0
380d78.918: ProductName: AVG Internet Security
381d78.918: ProductVersion: 13.0.0.3450
382d78.918: FileVersion: 13.0.0.3450
383d78.918: SpecialBuild: AvgVC10_2013_1022_230739(3450), SVNRev b4d4546 (release/SmallUpdate2013-06)
384d78.918: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
385d78.918: FileDescription: AVG Anti-Rootkit Driver
386d78.918: \SystemRoot\System32\drivers\avgmfx64.sys:
387d78.918: CreationTime: 2013-07-01T06:45:28.000000000Z
388d78.918: LastWriteTime: 2013-07-01T06:45:28.000000000Z
389d78.918: ChangeTime: 2015-02-06T18:12:26.583595600Z
390d78.918: FileAttributes: 0x20
391d78.918: Size: 0x1c738
392d78.918: NT Headers: 0xd0
393d78.918: Timestamp: 0x51d0bf1d
394d78.918: Machine: 0x8664 - amd64
395d78.918: Timestamp: 0x51d0bf1d
396d78.918: Image Version: 6.1
397d78.918: SizeOfImage: 0x1f000 (126976)
398d78.918: Resource Dir: 0x1d000 LB 0x4d8
399d78.918: ProductName: AVG Internet Security
400d78.918: ProductVersion: 13.0.0.3382
401d78.918: FileVersion: 13.0.0.3382
402d78.918: SpecialBuild: AvgVC10_2013_0630_235517(3382), SVNRev 698e045 (release/SmallUpdate2013-05)
403d78.918: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
404d78.918: FileDescription: AVG Resident Shield Minifilter Driver
405d78.918: \SystemRoot\System32\drivers\avgidsdrivera.sys:
406d78.918: CreationTime: 2013-11-25T06:48:36.000000000Z
407d78.918: LastWriteTime: 2013-11-25T06:48:36.000000000Z
408d78.918: ChangeTime: 2015-02-06T18:12:26.552395500Z
409d78.918: FileAttributes: 0x20
410d78.918: Size: 0x3c138
411d78.918: NT Headers: 0xd8
412d78.918: Timestamp: 0x52929a87
413d78.918: Machine: 0x8664 - amd64
414d78.918: Timestamp: 0x52929a87
415d78.918: Image Version: 6.1
416d78.918: SizeOfImage: 0x43000 (274432)
417d78.918: Resource Dir: 0x41000 LB 0x598
418d78.918: ProductName: AVG Internet Security
419d78.918: ProductVersion: 13.0.0.3458
420d78.918: FileVersion: 13.0.0.3458
421d78.918: SpecialBuild: AvgVC10_2013_1124_235635(3458), SVNRev ad13232 (release/SmallUpdate2013-06)
422d78.918: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
423d78.918: FileDescription: IDS Application Activity Monitor Driver.
424d78.918: \SystemRoot\System32\drivers\avgidsha.sys:
425d78.918: CreationTime: 2013-07-20T06:50:56.000000000Z
426d78.918: LastWriteTime: 2013-07-20T06:50:56.000000000Z
427d78.918: ChangeTime: 2015-02-06T18:12:26.552395500Z
428d78.918: FileAttributes: 0x20
429d78.918: Size: 0x11738
430d78.918: NT Headers: 0xd8
431d78.918: Timestamp: 0x51e9cccc
432d78.918: Machine: 0x8664 - amd64
433d78.918: Timestamp: 0x51e9cccc
434d78.918: Image Version: 6.1
435d78.918: SizeOfImage: 0x15000 (86016)
436d78.918: Resource Dir: 0x13000 LB 0x5a8
437d78.918: ProductName: AVG Internet Security
438d78.918: ProductVersion: 13.0.0.3388
439d78.918: FileVersion: 13.0.0.3388
440d78.918: SpecialBuild: AvgVC10_2013_0719_235840(3388), SVNRev b6c9856 (release/SmallUpdate2013-05)
441d78.918: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
442d78.918: FileDescription: IDS Application Activity Monitor Helper Driver.
443d78.918: \SystemRoot\System32\drivers\avgtdia.sys:
444d78.918: CreationTime: 2014-10-17T20:34:46.000000000Z
445d78.918: LastWriteTime: 2014-10-17T20:34:46.000000000Z
446d78.918: ChangeTime: 2015-02-06T18:12:26.583595600Z
447d78.918: FileAttributes: 0x20
448d78.918: Size: 0x3ad38
449d78.918: NT Headers: 0xd8
450d78.918: Timestamp: 0x544118f4
451d78.918: Machine: 0x8664 - amd64
452d78.918: Timestamp: 0x544118f4
453d78.918: Image Version: 6.1
454d78.918: SizeOfImage: 0x3f000 (258048)
455d78.918: Resource Dir: 0x3d000 LB 0x508
456d78.918: ProductName: AVG Internet Security
457d78.918: ProductVersion: 13.0.0.3491
458d78.918: FileVersion: 13.0.0.3491
459d78.918: SpecialBuild: AvgVC10_2014_1017_135430(3491), SVNRev 904609031cc94b28fb1bdcace39081348987c40d (release/HotFix2013-18)
460d78.918: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
461d78.918: FileDescription: AVG Network connection watcher
462d78.918: \SystemRoot\System32\drivers\avgloga.sys:
463d78.918: CreationTime: 2013-07-20T06:51:00.000000000Z
464d78.918: LastWriteTime: 2013-07-20T06:51:00.000000000Z
465d78.918: ChangeTime: 2015-02-06T18:12:26.552395500Z
466d78.918: FileAttributes: 0x20
467d78.918: Size: 0x4c138
468d78.918: NT Headers: 0xd0
469d78.918: Timestamp: 0x51e9ccbc
470d78.918: Machine: 0x8664 - amd64
471d78.918: Timestamp: 0x51e9ccbc
472d78.918: Image Version: 6.1
473d78.918: SizeOfImage: 0x4e000 (319488)
474d78.918: Resource Dir: 0x4c000 LB 0x4b0
475d78.918: ProductName: AVG Internet Security
476d78.918: ProductVersion: 13.0.0.3388
477d78.918: FileVersion: 13.0.0.3388
478d78.918: SpecialBuild: AvgVC10_2013_0719_235840(3388), SVNRev b6c9856 (release/SmallUpdate2013-05)
479d78.918: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
480d78.918: FileDescription: AVG Logging Driver
481d78.918: \SystemRoot\System32\drivers\avgldx64.sys:
482d78.918: CreationTime: 2014-11-04T05:30:04.000000000Z
483d78.918: LastWriteTime: 2014-11-04T05:30:04.000000000Z
484d78.918: ChangeTime: 2015-02-06T18:12:26.552395500Z
485d78.918: FileAttributes: 0x20
486d78.918: Size: 0x33338
487d78.918: NT Headers: 0xd0
488d78.918: Timestamp: 0x54580cb7
489d78.918: Machine: 0x8664 - amd64
490d78.918: Timestamp: 0x54580cb7
491d78.918: Image Version: 6.1
492d78.918: SizeOfImage: 0x37000 (225280)
493d78.918: Resource Dir: 0x35000 LB 0x4f8
494d78.918: ProductName: AVG Internet Security
495d78.918: ProductVersion: 13.0.0.3494
496d78.918: FileVersion: 13.0.0.3494
497d78.918: SpecialBuild: AvgVC10_2014_1103_224628(3494), SVNRev 5014554899867ee5e408d33bd7ebe12631b8062d (release/HotFix2013-18)
498d78.918: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
499d78.918: FileDescription: AVG AVI Loader Driver
500d78.918: Calling main()
501d78.918: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
502d78.918: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
503d78.918: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
504d78.918: SUPR3HardenedMain: Respawn #2
505d78.918: supR3HardNtEnableThreadCreation:
506d78.918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
507d78.918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
508d78.918: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
509d78.918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
510d78.918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
511d78.918: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
512d78.918: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
513d78.918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
514d78.918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
515d78.918: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
516d78.918: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
517d78.918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
518d78.918: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
519d78.918: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
520d78.918: supR3HardenedDllNotificationCallback: load 000007fefd130000 LB 0x000db000 C:\Windows\system32\ADVAPI32.DLL [fFlags=0x0]
521d78.918: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
522d78.918: supR3HardenedDllNotificationCallback: load 000007fefd940000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
523d78.918: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
524d78.918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
525d78.918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
526d78.918: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
527d78.918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
528d78.918: supR3HardenedDllNotificationCallback: load 000007fefd080000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
529d78.918: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
530d78.918: supR3HardenedDllNotificationCallback: load 000007fefd210000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
531d78.918: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
532d78.918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'C:\Windows\system32\ADVAPI32.DLL'
533d78.918: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
534d78.918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
535d78.918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
536d78.918: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
537d78.918: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
538d78.918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
539d78.918: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
540d78.918: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
541d78.918: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
542d78.918: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
543d78.918: supR3HardenedDllNotificationCallback: load 000007fefcb00000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
544d78.918: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
545d78.918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb00000 'C:\Windows\system32\apphelp.dll'
546d78.918: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f2c340 pvNtTerminateThread=0000000076f517e0
547d78.918: supR3HardenedWinDoReSpawn(2): New child 448.f64 [kernel32].
548d78.918: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
549d78.918: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076f00000 uNtDllChildAddr=0000000076f00000
550d78.918: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f2c340
551d78.918: supR3HardenedWinSetupChildInit: Start child.
552d78.918: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
553d78.918: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
554d78.918: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
555d78.918: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
556d78.918: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
557d78.918: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
558d78.918: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
559d78.918: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
560d78.918: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
561d78.918: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
562d78.918: 0000000000051000-0000000000001fff 0x0001/0x0000 0x0000000
563d78.918: *00000000000a0000-fffffffffffa3fff 0x0000/0x0004 0x0020000
564d78.918: 000000000019c000-0000000000198fff 0x0104/0x0004 0x0020000
565d78.918: 000000000019f000-000000000019dfff 0x0004/0x0004 0x0020000
566d78.918: 00000000001a0000-ffffffff8943ffff 0x0001/0x0000 0x0000000
567d78.918: *0000000076f00000-0000000076efefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
568d78.918: 0000000076f01000-0000000076dfefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
569d78.918: 0000000077003000-0000000076fd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
570d78.918: 0000000077032000-0000000077029fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
571d78.918: 000000007703a000-0000000077038fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
572d78.918: 000000007703b000-0000000077037fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
573d78.918: 000000007703e000-0000000076fd2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
574d78.918: 00000000770a9000-000000006f171fff 0x0001/0x0000 0x0000000
575d78.918: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
576d78.918: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
577d78.918: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
578d78.918: 000000007fff0000-ffffffffc04dffff 0x0001/0x0000 0x0000000
579d78.918: *000000013fb00000-000000013fafefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
580d78.918: 000000013fb01000-000000013fa7cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
581d78.918: 000000013fb85000-000000013fb83fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
582d78.918: 000000013fb86000-000000013fb48fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
583d78.918: 000000013fbc3000-000000013fbc1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
584d78.918: 000000013fbc4000-000000013fbc2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
585d78.918: 000000013fbc5000-000000013fbc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
586d78.918: 000000013fbc7000-000000013fbc5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
587d78.918: 000000013fbc8000-000000013fbc6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
588d78.918: 000000013fbc9000-000000013fbc4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
589d78.918: 000000013fbcd000-000000013fb93fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
590d78.918: 000000013fc06000-fffff803805ebfff 0x0001/0x0000 0x0000000
591d78.918: *000007feff220000-000007feff21efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
592d78.918: 000007feff221000-000007fdfe491fff 0x0001/0x0000 0x0000000
593d78.918: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
594d78.918: 000007fffffd3000-000007fffffcafff 0x0001/0x0000 0x0000000
595d78.918: *000007fffffdb000-000007fffffd9fff 0x0004/0x0004 0x0020000
596d78.918: 000007fffffdc000-000007fffffd9fff 0x0001/0x0000 0x0000000
597d78.918: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
598d78.918: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
599d78.918: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
600d78.918: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
601d78.918: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
602d78.918: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
603d78.918: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
604d78.918: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
605448.f64: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
606448.f64: supR3HardenedVmProcessInit: uNtDllAddr=0000000076f00000
607448.f64: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
608448.f64: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1740800 allocation)
609d78.918: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000270000 LB 0x400000)
610d78.918: supR3HardNtEnableThreadCreation:
611448.f64: System32: \Device\HarddiskVolume2\Windows\System32
612448.f64: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
613448.f64: KnownDllPath: C:\Windows\system32
614448.f64: supR3HardenedVmProcessInit: Opening vboxdrv...
615448.f64: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
616448.f64: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
617448.f64: Registered Dll notification callback with NTDLL.
618448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
619448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
620448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
621448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
622448.f64: supR3HardenedDllNotificationCallback: load 0000000076ce0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
623448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
624448.f64: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
625448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
626448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
627448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ce0000 'C:\Windows\system32\kernel32.dll'
628448.f64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f2c340 pvNtTerminateThread=0000000076f517e0
629d78.918: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 32 ms.
630448.f64: \SystemRoot\System32\ntdll.dll:
631448.f64: CreationTime: 2014-11-10T15:54:07.131122600Z
632448.f64: LastWriteTime: 2014-11-10T15:54:07.146722600Z
633448.f64: ChangeTime: 2014-11-12T13:56:04.245310400Z
634448.f64: FileAttributes: 0x20
635448.f64: Size: 0x1a6dc0
636448.f64: NT Headers: 0xe0
637448.f64: Timestamp: 0x521eaf24
638448.f64: Machine: 0x8664 - amd64
639448.f64: Timestamp: 0x521eaf24
640448.f64: Image Version: 6.1
641448.f64: SizeOfImage: 0x1a9000 (1740800)
642448.f64: Resource Dir: 0x151000 LB 0x560d8
643448.f64: ProductName: Microsoft® Windows® Operating System
644448.f64: ProductVersion: 6.1.7601.18247
645448.f64: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
646448.f64: FileDescription: NT Layer DLL
647448.f64: \SystemRoot\System32\kernel32.dll:
648448.f64: CreationTime: 2014-11-10T14:45:33.466322600Z
649448.f64: LastWriteTime: 2014-03-04T09:44:00.336000000Z
650448.f64: ChangeTime: 2014-11-12T13:56:04.885374400Z
651448.f64: FileAttributes: 0x20
652448.f64: Size: 0x11c000
653448.f64: NT Headers: 0xe8
654448.f64: Timestamp: 0x5315a059
655448.f64: Machine: 0x8664 - amd64
656448.f64: Timestamp: 0x5315a059
657448.f64: Image Version: 6.1
658448.f64: SizeOfImage: 0x11f000 (1175552)
659448.f64: Resource Dir: 0x116000 LB 0x528
660448.f64: ProductName: Microsoft® Windows® Operating System
661448.f64: ProductVersion: 6.1.7601.18409
662448.f64: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
663448.f64: FileDescription: Windows NT BASE API Client DLL
664448.f64: \SystemRoot\System32\KernelBase.dll:
665448.f64: CreationTime: 2014-11-10T14:55:46.627322600Z
666448.f64: LastWriteTime: 2014-03-04T09:44:00.336000000Z
667448.f64: ChangeTime: 2014-11-12T13:56:04.899375800Z
668448.f64: FileAttributes: 0x20
669448.f64: Size: 0x67c00
670448.f64: NT Headers: 0xe8
671448.f64: Timestamp: 0x5315a05a
672448.f64: Machine: 0x8664 - amd64
673448.f64: Timestamp: 0x5315a05a
674448.f64: Image Version: 6.1
675448.f64: SizeOfImage: 0x6c000 (442368)
676448.f64: Resource Dir: 0x6a000 LB 0x530
677448.f64: ProductName: Microsoft® Windows® Operating System
678448.f64: ProductVersion: 6.1.7601.18409
679448.f64: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
680448.f64: FileDescription: Windows NT BASE API Client DLL
681448.f64: \SystemRoot\System32\apisetschema.dll:
682448.f64: CreationTime: 2014-11-10T14:55:47.859722600Z
683448.f64: LastWriteTime: 2013-08-02T02:12:20.275000000Z
684448.f64: ChangeTime: 2014-11-10T16:23:46.810322600Z
685448.f64: FileAttributes: 0x20
686448.f64: Size: 0x1a00
687448.f64: NT Headers: 0xc0
688448.f64: Timestamp: 0x51fb15ca
689448.f64: Machine: 0x8664 - amd64
690448.f64: Timestamp: 0x51fb15ca
691448.f64: Image Version: 6.1
692448.f64: SizeOfImage: 0x50000 (327680)
693448.f64: Resource Dir: 0x30000 LB 0x3f8
694448.f64: ProductName: Microsoft® Windows® Operating System
695448.f64: ProductVersion: 6.1.7601.18229
696448.f64: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
697448.f64: FileDescription: ApiSet Schema DLL
698448.f64: Found driver avgtdia (0x100)
699448.f64: supR3HardenedWinFindAdversaries: 0x100
700448.f64: \SystemRoot\System32\drivers\avgrkx64.sys:
701448.f64: CreationTime: 2013-10-23T06:05:08.000000000Z
702448.f64: LastWriteTime: 2013-10-23T06:05:08.000000000Z
703448.f64: ChangeTime: 2015-02-06T18:12:26.583595600Z
704448.f64: FileAttributes: 0x20
705448.f64: Size: 0xb338
706448.f64: NT Headers: 0xd8
707448.f64: Timestamp: 0x5267006a
708448.f64: Machine: 0x8664 - amd64
709448.f64: Timestamp: 0x5267006a
710448.f64: Image Version: 6.1
711448.f64: SizeOfImage: 0xd000 (53248)
712448.f64: Resource Dir: 0xc000 LB 0x4c0
713448.f64: ProductName: AVG Internet Security
714448.f64: ProductVersion: 13.0.0.3450
715448.f64: FileVersion: 13.0.0.3450
716448.f64: SpecialBuild: AvgVC10_2013_1022_230739(3450), SVNRev b4d4546 (release/SmallUpdate2013-06)
717448.f64: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
718448.f64: FileDescription: AVG Anti-Rootkit Driver
719448.f64: \SystemRoot\System32\drivers\avgmfx64.sys:
720448.f64: CreationTime: 2013-07-01T06:45:28.000000000Z
721448.f64: LastWriteTime: 2013-07-01T06:45:28.000000000Z
722448.f64: ChangeTime: 2015-02-06T18:12:26.583595600Z
723448.f64: FileAttributes: 0x20
724448.f64: Size: 0x1c738
725448.f64: NT Headers: 0xd0
726448.f64: Timestamp: 0x51d0bf1d
727448.f64: Machine: 0x8664 - amd64
728448.f64: Timestamp: 0x51d0bf1d
729448.f64: Image Version: 6.1
730448.f64: SizeOfImage: 0x1f000 (126976)
731448.f64: Resource Dir: 0x1d000 LB 0x4d8
732448.f64: ProductName: AVG Internet Security
733448.f64: ProductVersion: 13.0.0.3382
734448.f64: FileVersion: 13.0.0.3382
735448.f64: SpecialBuild: AvgVC10_2013_0630_235517(3382), SVNRev 698e045 (release/SmallUpdate2013-05)
736448.f64: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
737448.f64: FileDescription: AVG Resident Shield Minifilter Driver
738448.f64: \SystemRoot\System32\drivers\avgidsdrivera.sys:
739448.f64: CreationTime: 2013-11-25T06:48:36.000000000Z
740448.f64: LastWriteTime: 2013-11-25T06:48:36.000000000Z
741448.f64: ChangeTime: 2015-02-06T18:12:26.552395500Z
742448.f64: FileAttributes: 0x20
743448.f64: Size: 0x3c138
744448.f64: NT Headers: 0xd8
745448.f64: Timestamp: 0x52929a87
746448.f64: Machine: 0x8664 - amd64
747448.f64: Timestamp: 0x52929a87
748448.f64: Image Version: 6.1
749448.f64: SizeOfImage: 0x43000 (274432)
750448.f64: Resource Dir: 0x41000 LB 0x598
751448.f64: ProductName: AVG Internet Security
752448.f64: ProductVersion: 13.0.0.3458
753448.f64: FileVersion: 13.0.0.3458
754448.f64: SpecialBuild: AvgVC10_2013_1124_235635(3458), SVNRev ad13232 (release/SmallUpdate2013-06)
755448.f64: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
756448.f64: FileDescription: IDS Application Activity Monitor Driver.
757448.f64: \SystemRoot\System32\drivers\avgidsha.sys:
758448.f64: CreationTime: 2013-07-20T06:50:56.000000000Z
759448.f64: LastWriteTime: 2013-07-20T06:50:56.000000000Z
760448.f64: ChangeTime: 2015-02-06T18:12:26.552395500Z
761448.f64: FileAttributes: 0x20
762448.f64: Size: 0x11738
763448.f64: NT Headers: 0xd8
764448.f64: Timestamp: 0x51e9cccc
765448.f64: Machine: 0x8664 - amd64
766448.f64: Timestamp: 0x51e9cccc
767448.f64: Image Version: 6.1
768448.f64: SizeOfImage: 0x15000 (86016)
769448.f64: Resource Dir: 0x13000 LB 0x5a8
770448.f64: ProductName: AVG Internet Security
771448.f64: ProductVersion: 13.0.0.3388
772448.f64: FileVersion: 13.0.0.3388
773448.f64: SpecialBuild: AvgVC10_2013_0719_235840(3388), SVNRev b6c9856 (release/SmallUpdate2013-05)
774448.f64: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
775448.f64: FileDescription: IDS Application Activity Monitor Helper Driver.
776448.f64: \SystemRoot\System32\drivers\avgtdia.sys:
777448.f64: CreationTime: 2014-10-17T20:34:46.000000000Z
778448.f64: LastWriteTime: 2014-10-17T20:34:46.000000000Z
779448.f64: ChangeTime: 2015-02-06T18:12:26.583595600Z
780448.f64: FileAttributes: 0x20
781448.f64: Size: 0x3ad38
782448.f64: NT Headers: 0xd8
783448.f64: Timestamp: 0x544118f4
784448.f64: Machine: 0x8664 - amd64
785448.f64: Timestamp: 0x544118f4
786448.f64: Image Version: 6.1
787448.f64: SizeOfImage: 0x3f000 (258048)
788448.f64: Resource Dir: 0x3d000 LB 0x508
789448.f64: ProductName: AVG Internet Security
790448.f64: ProductVersion: 13.0.0.3491
791448.f64: FileVersion: 13.0.0.3491
792448.f64: SpecialBuild: AvgVC10_2014_1017_135430(3491), SVNRev 904609031cc94b28fb1bdcace39081348987c40d (release/HotFix2013-18)
793448.f64: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
794448.f64: FileDescription: AVG Network connection watcher
795448.f64: \SystemRoot\System32\drivers\avgloga.sys:
796448.f64: CreationTime: 2013-07-20T06:51:00.000000000Z
797448.f64: LastWriteTime: 2013-07-20T06:51:00.000000000Z
798448.f64: ChangeTime: 2015-02-06T18:12:26.552395500Z
799448.f64: FileAttributes: 0x20
800448.f64: Size: 0x4c138
801448.f64: NT Headers: 0xd0
802448.f64: Timestamp: 0x51e9ccbc
803448.f64: Machine: 0x8664 - amd64
804448.f64: Timestamp: 0x51e9ccbc
805448.f64: Image Version: 6.1
806448.f64: SizeOfImage: 0x4e000 (319488)
807448.f64: Resource Dir: 0x4c000 LB 0x4b0
808448.f64: ProductName: AVG Internet Security
809448.f64: ProductVersion: 13.0.0.3388
810448.f64: FileVersion: 13.0.0.3388
811448.f64: SpecialBuild: AvgVC10_2013_0719_235840(3388), SVNRev b6c9856 (release/SmallUpdate2013-05)
812448.f64: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
813448.f64: FileDescription: AVG Logging Driver
814448.f64: \SystemRoot\System32\drivers\avgldx64.sys:
815448.f64: CreationTime: 2014-11-04T05:30:04.000000000Z
816448.f64: LastWriteTime: 2014-11-04T05:30:04.000000000Z
817448.f64: ChangeTime: 2015-02-06T18:12:26.552395500Z
818448.f64: FileAttributes: 0x20
819448.f64: Size: 0x33338
820448.f64: NT Headers: 0xd0
821448.f64: Timestamp: 0x54580cb7
822448.f64: Machine: 0x8664 - amd64
823448.f64: Timestamp: 0x54580cb7
824448.f64: Image Version: 6.1
825448.f64: SizeOfImage: 0x37000 (225280)
826448.f64: Resource Dir: 0x35000 LB 0x4f8
827448.f64: ProductName: AVG Internet Security
828448.f64: ProductVersion: 13.0.0.3494
829448.f64: FileVersion: 13.0.0.3494
830448.f64: SpecialBuild: AvgVC10_2014_1103_224628(3494), SVNRev 5014554899867ee5e408d33bd7ebe12631b8062d (release/HotFix2013-18)
831448.f64: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
832448.f64: FileDescription: AVG AVI Loader Driver
833448.f64: Calling main()
834448.f64: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
835448.f64: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
836448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
837448.f64: SUPR3HardenedMain: Final process, opening VBoxDrv...
838448.f64: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000)
839448.f64: supR3HardNtEnableThreadCreation:
840448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
841448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
842448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000793e40:C:\Windows\system32 [calling]
843448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
844448.f64: supR3HardenedDllNotificationCallback: load 000007feeaae0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
845448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
846448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
847448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
848448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeaae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
849448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
850448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
851448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeaae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
852448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeaae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
853448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
854448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
855448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
856448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
857448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
858448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
859448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
860448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
861448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
862448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
863448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
864448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
865448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
866448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
867448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
868448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
869448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
870448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
871448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
872448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
873448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
874448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
875448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
876448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
877448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
878448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
879448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
880448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
881448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
882448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
883448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000793e40:C:\Windows\system32 [calling]
884448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
885448.f64: supR3HardenedDllNotificationCallback: load 000007fefcd80000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
886448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
887448.f64: supR3HardenedDllNotificationCallback: load 000007fefd940000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
888448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
889448.f64: supR3HardenedDllNotificationCallback: load 000007fefce70000 LB 0x0016c000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
890448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
891448.f64: supR3HardenedDllNotificationCallback: load 000007fefccc0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
892448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
893448.f64: supR3HardenedDllNotificationCallback: load 000007fefd210000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
894448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
895448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd80000 'C:\Windows\system32\Wintrust.dll'
896448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
897448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
898448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
899448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
900448.f64: supR3HardenedDllNotificationCallback: load 000007fefc6b0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
901448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
902448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6b0000 'C:\Windows\system32\CRYPTSP.dll'
903448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
904448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
905448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
906448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
907448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
908448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
909448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
910448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
911448.f64: supR3HardenedDllNotificationCallback: load 000007fefc0e0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
912448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
913448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc0e0000 'C:\Windows\system32\rsaenh.dll'
914448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
915448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
916448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
917448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
918448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
919448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
920448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
921448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
922448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
923448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
924448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
925448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
926448.f64: supR3HardenedDllNotificationCallback: load 000007fefd130000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
927448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
928448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
929448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
930448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
931448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
932448.f64: supR3HardenedDllNotificationCallback: load 000007fefd080000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
933448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
934448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'C:\Windows\system32\ADVAPI32.dll'
935448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
936448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
937448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
938448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
939448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
940448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
941448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
942448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
943448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
944448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
945448.f64: supR3HardenedDllNotificationCallback: load 000007fefcb60000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
946448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
947448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb60000 'C:\Windows\system32\CRYPTBASE.dll'
948448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
949448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
950448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ce0000 'C:\Windows\system32\kernel32.dll'
951448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
952448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
953448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd80000 'C:\Windows\system32\WINTRUST.DLL'
954448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
955448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
956448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\CRYPT32.dll'
957448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
958448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
959448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
960448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
961448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
962448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
963448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
964448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
965448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
966448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
967448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
968448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
969448.f64: supR3HardenedDllNotificationCallback: load 000007fefd510000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
970448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
971448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd510000 'C:\Windows\system32\imagehlp.dll'
972448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
973448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
974448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6b0000 'C:\Windows\system32\CRYPTSP.dll'
975448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
976448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
977448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
978448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
979448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
980448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
981448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
982448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
983448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
984448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
985448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
986448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
987448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
988448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
989448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
990448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
991448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
992448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
993448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
994448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
995448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
996448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
997448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
998448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
999448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
1000448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
1001448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1002448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1003448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1004448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1005448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1006448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1007448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1008448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1009448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1010448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1011448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1012448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1013448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1014448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1015448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1016448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1017448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1018448.f64: supR3HardenedDllNotificationCallback: load 0000000076e00000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1019448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1020448.f64: supR3HardenedDllNotificationCallback: load 000007fefd0c0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1021448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1022448.f64: supR3HardenedDllNotificationCallback: load 000007fefd0a0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
1023448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
1024448.f64: supR3HardenedDllNotificationCallback: load 000007feff140000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
1025448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
1026448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1027448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1028448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\gdi32.dll'
1029448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1030448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1031448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
1032448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1033448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1034448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1035448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1036448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1037448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1038448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1039448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
1040448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
1041448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
1042448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1043448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1044448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1045448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1046448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1047448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1048448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1049448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1050448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1051448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1052448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1053448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1054448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1055448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1056448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1057448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1058448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1059448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1060448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1061448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1062448.f64: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
1063448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1064448.f64: supR3HardenedDllNotificationCallback: load 000007fefdce0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1065448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
1066448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\IMM32.DLL'
1067448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e00000 'C:\Windows\system32\USER32.dll'
1068448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
1069448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1070448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
1071448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
1072448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1073448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1074448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1075448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1076448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1077448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1078448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1079448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1080448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1081448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
1082448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1083448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1084448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1085448.f64: supR3HardenedDllNotificationCallback: load 000007fefc660000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
1086448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1087448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1088448.f64: supR3HardenedDllNotificationCallback: load 000007fefc630000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
1089448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1090448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc660000 'C:\Windows\system32\ncrypt.dll'
1091448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1092448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
1093448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
1094448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1095448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1096448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1097448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1098448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1099448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1100448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1101448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1102448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1103448.f64: supR3HardenedDllNotificationCallback: load 000007fefc040000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
1104448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1105448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc040000 'C:\Windows\system32\bcryptprimitives.dll'
1106448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1107448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1108448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc630000 'C:\Windows\system32\bcrypt.dll'
1109448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1110448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1111448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
1112448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
1113448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1114448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1115448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1116448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1117448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
1118448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
1119448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1120448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1121448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1122448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1123448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1124448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1125448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1126448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1127448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1128448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1129448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1130448.f64: supR3HardenedDllNotificationCallback: load 000007fefcd60000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1131448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1132448.f64: supR3HardenedDllNotificationCallback: load 000007fefccd0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1133448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1134448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd60000 'C:\Windows\system32\USERENV.dll'
1135448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1136448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1137448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1138448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1139448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1140448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1141448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1142448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1143448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1144448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1145448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1146448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1147448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1148448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1149448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1150448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1151448.f64: supR3HardenedDllNotificationCallback: load 000007fefbf70000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1152448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1153448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf70000 'C:\Windows\system32\GPAPI.dll'
1154448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1155448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1156448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1157448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1158448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\rpcrt4.dll'
1159448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1160448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1161448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1162448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1163448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1164448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1165448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1166448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1167448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1168448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1169448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1170448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1171448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1172448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1173448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1174448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1175448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1176448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1177448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1178448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1179448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1180448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1181448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1182448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1183448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1184448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1185448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1186448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1187448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1188448.f64: supR3HardenedDllNotificationCallback: load 000007fef9350000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1189448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1190448.f64: supR3HardenedDllNotificationCallback: load 000007fefddf0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1191448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1192448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1193448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1194448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1195448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1196448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1197448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1198448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1199448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1200448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1201448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1202448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1203448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1204448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1205448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1206448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1207448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1208448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1209448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1210448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1211448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1212448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1213448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1214448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1215448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1216448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1217448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1218448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1219448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1220448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1221448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1222448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9350000 'C:\Windows\system32\cryptnet.dll'
1223448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1224448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1225448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1226448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1227448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccd0000 'C:\Windows\system32\profapi.dll'
1228448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1229448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1230448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1231448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1232448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1233448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1234448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1235448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1236448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1237448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1238448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1239448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1240448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1241448.f64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1242448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1243448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1244448.f64: supR3HardenedDllNotificationCallback: load 000007fefe0e0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1245448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1246448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\SHLWAPI.dll'
1247448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1248448.f64: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000805490
1249448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1250448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
1251448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1252448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1253448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1254448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1255448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1256448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1257448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1258448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1259448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'C:\Windows\system32\ADVAPI32.dll'
1260448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1261448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1262448.f64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1263448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1264448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
1265448.f64: g_pfnWinVerifyTrust=000007fefcd81010
1266448.f64: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1267448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1268448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1269448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1270448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF258E1DA85AD69891395F6F7501E1D54F2DFED8
1271448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB2868626~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1272448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1273448.f64: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1274448.f64: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1275448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1276448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1277448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1278448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
1279448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1280448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1281448.f64: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1282448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1283448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1284448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1285448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1286448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1287448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1288448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1289448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1290448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1291448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1292448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1293448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1294448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1295448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1296448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1297448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1298448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1299448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
1300448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1301448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1302448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1303448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1304448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1305448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1306448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1307448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1308448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1309448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1310448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1311448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1312448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1313448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1314448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1315448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1316448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1317448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1318448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1319448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1320448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1321448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1322448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1323448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1324448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1325448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1326448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1327448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1328448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1329448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1330448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1331448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1332448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1333448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1334448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1335448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F12D3394983F702C1F70874F040CE64DD7AAD14
1336448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_50_for_KB3023607~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1337448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1338448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1339448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1340448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1341448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1342448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1343448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1344448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1345448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1346448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1347448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1348448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1349448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1350448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1351448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1352448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1353448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1354448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1355448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1356448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1357448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1358448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1359448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1360448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1361448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1362448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1363448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
1364448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1365448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1366448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1367448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1368448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1369448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1370448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
1371448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1372448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1373448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1374448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1375448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1376448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1377448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1378448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1379448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1380448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1381448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1382448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1383448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1384448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1385448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1386448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1387448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1388448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1389448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1390448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1391448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1392448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1393448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1394448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1395448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1396448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1397448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1398448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1399448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1400448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1401448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1402448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1403448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1404448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1405448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
1406448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1407448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1408448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1409448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1410448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1411448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1412448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1413448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1414448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1415448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1416448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1417448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1418448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1419448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1420448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1421448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1422448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1423448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1424448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1425448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1426448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1427448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1428448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1429448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1430448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1431448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1432448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1433448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1434448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1435448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1436448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1437448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1438448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1439448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1440448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1441448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1442448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
1443448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1444448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1445448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1446448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1447448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1448448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1449448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
1450448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1451448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1452448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1453448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1454448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000088d200:C:\Windows\system32 [calling]
1455448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\crypt32.dll'
1456448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1457448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1458448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1459448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1460448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1461448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1462448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1463448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1464448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1465448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1466448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1467448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1468448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1469448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1470448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1471448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1472448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1473448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1474448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1475448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1476448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1477448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1478448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1479448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
1480448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1481448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1482448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1483448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1484448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1485448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1486448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1487448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1488448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
1489448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1490448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1491448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1492448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1493448.f64: supR3HardenedWinIsDesiredRootCA: Adding 0xce6a3f1d3821c900 DC=com, DC=intelerad, CN=intelerad-IT-AD2-CA
1494448.f64: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=38
1495448.f64: SUPR3HardenedMain: Load Runtime...
1496448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1497448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1498448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1499448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1500448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1501448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1502448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1503448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1504448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1505448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1506448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1507448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1508448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1509448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1510448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1511448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1512448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1513448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1514448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1515448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1516448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1517448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1518448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1519448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1520448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1521448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1522448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1523448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1524448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1525448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1526448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1527448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1528448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1529448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1530448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1531448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1532448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1533448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1534448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1535448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1536448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1537448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1538448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
1539448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1540448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1541448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1542448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1543448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1544448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1545448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1546448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1547448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1548448.f64: supR3HardenedDllNotificationCallback: load 000007fee7080000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1549448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1550448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1551448.f64: supR3HardenedDllNotificationCallback: load 000000006f080000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1552448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1553448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1554448.f64: supR3HardenedDllNotificationCallback: load 000000006efe0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1555448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1556448.f64: supR3HardenedDllNotificationCallback: load 000007fefd340000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1557448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1558448.f64: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1559448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1560448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1561448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1562448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1563448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1564448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1565448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1566448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1567448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1568448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1569448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1570448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1571448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1572448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1573448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1574448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1575448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1576448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1577448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1578448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1579448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1580448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1581448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1582448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1583448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1584448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1585448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1586448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1587448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1588448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1589448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1590448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1591448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1592448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1593448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1594448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1595448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1596448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1597448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1598448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1599448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1600448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1601448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1602448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1603448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1604448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.7.0_72\bin [calling]
1605448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1606448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1607448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1608448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1609448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1610448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e96410:C:\Windows\system32 [calling]
1611448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd80000 'C:\Windows\system32\Wintrust.dll'
1612448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1613448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e96410:C:\Windows\system32 [calling]
1614448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\crypt32.dll'
1615448.f64: SUPR3HardenedMain: Load TrustedMain...
1616448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1617448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1618448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1619448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1620448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1621448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1622448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1623448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1624448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1625448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1626448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1627448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1628448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1629448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1630448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1631448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1632448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1633448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1634448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1635448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1636448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1637448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1638448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1639448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1640448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1641448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1642448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1643448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1644448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1645448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1646448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1647448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1648448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1649448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1650448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1651448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1652448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1653448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1654448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1655448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1656448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1657448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1658448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1659448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1660448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1661448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1662448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1663448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1664448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1665448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1666448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1667448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59C9A3379D97CB80EFB9D9152AF4E0240DDF8B29
1668448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3006226~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1669448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1670448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1671448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1672448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1673448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1674448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1675448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1676448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1677448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1678448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1679448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1680448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1681448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1682448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1683448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1684448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1685448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1686448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1687448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1688448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1689448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1690448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1691448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1692448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1693448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1694448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1695448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1696448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2691B4CA862B8F691AC1CF51D38E621F27CACF6
1697448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2926765~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1698448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1699448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1700448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1701448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1702448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1703448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
1704448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1705448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1706448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1707448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1708448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1709448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1710448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1711448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1712448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1713448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1714448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1715448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1716448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1717448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1718448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1719448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1720448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1721448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1722448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1723448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1724448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1725448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1726448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1727448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1728448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1729448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1730448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1731448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1732448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1733448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1734448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1735448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1736448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1737448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1738448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1739448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1740448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1741448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1742448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1743448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1744448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1745448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1746448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1747448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1748448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1749448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1750448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1751448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1752448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1753448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1754448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1755448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1756448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1757448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1758448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1759448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1760448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1761448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1762448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1763448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1764448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1765448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1766448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1767448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1768448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1769448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1770448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1771448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1772448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1773448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1774448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1775448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1776448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1777448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1778448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1779448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
1780448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1781448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1782448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1783448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1784448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1785448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1786448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1787448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1788448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1789448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1790448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1791448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1792448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1793448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1794448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1795448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1796448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1797448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
1798448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1799448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1800448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1801448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1802448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1803448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1804448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1805448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1806448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1807448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1808448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1809448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1810448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
1811448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1812448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1813448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1814448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1815448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1816448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1817448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1818448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1819448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1820448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1821448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1822448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1823448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1824448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1825448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1826448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1827448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1828448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1829448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1830448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1831448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1832448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1833448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1834448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1835448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1836448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1837448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1838448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1839448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1840448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1841448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1842448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1843448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1844448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1845448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1846448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1847448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1848448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1849448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1850448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1851448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1852448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1853448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1854448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1855448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1856448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1857448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1858448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1859448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1860448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1861448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1862448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1863448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1864448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1865448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
1866448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1867448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1868448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1869448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1870448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1871448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1872448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1873448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1874448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1875448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1876448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1877448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1878448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1879448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1880448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1881448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1882448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1883448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1884448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1885448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1886448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1887448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1888448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1889448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1890448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1891448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1892448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1893448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1894448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1895448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1896448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1897448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1898448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1899448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1900448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1901448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1902448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1903448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1904448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1905448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1906448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1907448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1908448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1909448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1910448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1911448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1912448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1913448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1914448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1915448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1916448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1917448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1918448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1919448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1920448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1921448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1922448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1923448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1924448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1925448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1926448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1927448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1928448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1929448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1930448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1931448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1932448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1933448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1934448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1935448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1936448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1937448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1938448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1939448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1940448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1941448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1942448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1943448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
1944448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1945448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1946448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1947448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1948448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1949448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
1950448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1951448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1952448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1953448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1954448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1955448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1956448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1957448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1958448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1959448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1960448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1961448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1962448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1963448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1964448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1965448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1966448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1967448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1968448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1969448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1970448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1971448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1972448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1973448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1974448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1975448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1976448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1977448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1978448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1979448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1980448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1981448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1982448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1983448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1984448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1985448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1986448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1987448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
1988448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
1989448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1990448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1991448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1992448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1993448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1994448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1995448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
1996448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1997448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1998448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1999448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
2000448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2001448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2002448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
2003448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
2004448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2005448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
2006448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
2007448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2008448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2009448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
2010448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2011448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
2012448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
2013448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2014448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2015448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2016448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
2017448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
2018448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
2019448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2020448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2021448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
2022448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
2023448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2024448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2025448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
2026448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2027448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
2028448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2029448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2030448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2031448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2032448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2033448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2034448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2035448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2036448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2037448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2038448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2039448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2040448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2041448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
2042448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2043448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2044448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
2045448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
2046448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2047448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2048448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
2049448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
2050448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2051448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2052448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2053448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2054448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2055448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2056448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2057448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2058448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2059448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2060448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2061448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2062448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2063448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2064448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2065448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2066448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2067448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
2068448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
2069448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2070448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2071448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2072448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2073448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
2074448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2075448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2076448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2077448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2078448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2079448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2080448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2081448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2082448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2083448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2084448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2085448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2086448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2087448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2088448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2089448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2090448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2091448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2092448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2093448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
2094448.f64: supR3HardenedDllNotificationCallback: load 000007fee6800000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
2095448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
2096448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2097448.f64: supR3HardenedDllNotificationCallback: load 000007fee7b60000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
2098448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2099448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
2100448.f64: supR3HardenedDllNotificationCallback: load 000007feeaab0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
2101448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
2102448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
2103448.f64: supR3HardenedDllNotificationCallback: load 000007fee7980000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
2104448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
2105448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2106448.f64: supR3HardenedDllNotificationCallback: load 000007feeaaa0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
2107448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2108448.f64: supR3HardenedDllNotificationCallback: load 000007fefd760000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2109448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2110448.f64: supR3HardenedDllNotificationCallback: load 000007fefccf0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
2111448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2112448.f64: supR3HardenedDllNotificationCallback: load 000007fefd430000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2113448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2114448.f64: supR3HardenedDllNotificationCallback: load 000007fefde50000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2115448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2116448.f64: supR3HardenedDllNotificationCallback: load 000007fefd060000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2117448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2118448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2119448.f64: supR3HardenedDllNotificationCallback: load 000007fefa990000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2120448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2121448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2122448.f64: supR3HardenedDllNotificationCallback: load 000000006e890000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
2123448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2124448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2125448.f64: supR3HardenedDllNotificationCallback: load 000000006d640000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
2126448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2127448.f64: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2128448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2129448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2130448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2131448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2132448.f64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
2133448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2134448.f64: supR3HardenedDllNotificationCallback: load 000007fef6c40000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
2135448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
2136448.f64: supR3HardenedDllNotificationCallback: load 000007fefe160000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2137448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2138448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2139448.f64: supR3HardenedDllNotificationCallback: load 000007fefa9f0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2140448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2141448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2142448.f64: supR3HardenedDllNotificationCallback: load 000007fef7a20000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2143448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2144448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2145448.f64: supR3HardenedDllNotificationCallback: load 000000006eed0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
2146448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2147448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2148448.f64: supR3HardenedDllNotificationCallback: load 000000006edf0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
2149448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2150448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2151448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2152448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2153448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
2154448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2155448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2156448.f64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2157448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2158448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2159448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2160448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2161448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2162448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2163448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2164448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c8d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2165448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\imm32.dll'
2166448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6800000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2167448.f64: SUPR3HardenedMain: Calling TrustedMain (000007fee6801ca0)...
2168448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2169448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2170448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'C:\Windows\system32\winmm.dll'
2171448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005bc pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2172448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2173448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2174448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2175448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2176448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2177448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2178448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2179448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2180448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
2181448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2182448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2183448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2184448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2185448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2186448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2187448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2188448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f472b0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2189448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2190448.f64: supR3HardenedDllNotificationCallback: load 000007fefb820000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2191448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2192448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb820000 'C:\Windows\system32\uxtheme.dll'
2193448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2194448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f472b0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2195448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb820000 'C:\Windows\system32\uxtheme.dll'
2196448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2197448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f47410:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2198448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb820000 'C:\Windows\system32\uxtheme.dll'
2199448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2200448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f47410:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2201448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb820000 'C:\Windows\system32\uxtheme.dll'
2202448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2203448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2204448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa990000 'C:\Windows\system32\dwmapi.dll'
2205448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2206448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2207448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb60000 'C:\Windows\system32\CRYPTBASE.dll'
2208448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2209448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2210448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe160000 'C:\Windows\system32\shell32.dll'
2211448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2212448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2213448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ce0000 'C:\Windows\system32\kernel32.dll'
2214448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2215448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2216448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb820000 'C:\Windows\system32\uxtheme.dll'
2217448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2218448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2219448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb820000 'C:\Windows\system32\uxtheme.dll'
2220448.f64: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2221448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2222448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2223448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e00000 'C:\Windows\system32\user32.dll'
2224448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2225448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2226448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb820000 'C:\Windows\system32\uxtheme.dll'
2227448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e00000 'C:\Windows\system32\user32.dll'
2228448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'C:\Windows\system32\advapi32.dll'
2229448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2230448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2231448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd60000 'C:\Windows\system32\userenv.dll'
2232448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2233448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2234448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ce0000 'C:\Windows\system32\kernel32.dll'
2235448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000610 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2236448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2237448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2238448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2239448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2240448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2241448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2242448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2243448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2244448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2245448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2246448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2247448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
2248448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2249448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2250448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2251448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2252448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2253448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2254448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2255448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2256448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2257448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2258448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2259448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2260448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2261448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2262448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2263448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2264448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084c4e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2265448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2266448.f64: supR3HardenedDllNotificationCallback: load 000007fefd390000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2267448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2268448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd390000 'C:\Windows\system32\CLBCatQ.DLL'
2269448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2270448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084ccc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2271448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'C:\Windows\system32\ADVAPI32.dll'
2272448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2273448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084ca80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2274448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6b0000 'C:\Windows\system32\CRYPTSP.dll'
2275448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000630 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2276448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2277448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2278448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2279448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2280448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2281448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2282448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
2283448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2284448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2285448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2286448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084ca80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2287448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2288448.f64: supR3HardenedDllNotificationCallback: load 000007fefcc10000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2289448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2290448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc10000 'C:\Windows\system32\RpcRtRemote.dll'
2291448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2292448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f470a0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2293448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd430000 'C:\Windows\system32\oleaut32.dll'
2294448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000654 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
2295448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2296448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2297448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
2298448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
2299448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2300448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)WinVerifyTrust
2301448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
2302448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084cf90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2303448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2304448.f64: supR3HardenedDllNotificationCallback: load 000007fefcb70000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
2305448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2306448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\SXS.DLL'
2307448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'C:\Windows\system32\ADVAPI32.dll'
2308448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2309448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d530:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2310448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd430000 'C:\Windows\system32\OLEAUT32.dll'
2311448.f64: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2312448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d4a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2313448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2314448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\gdi32.dll'
2315448.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2316448.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2317448.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2318448.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2319448.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2320448.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2321448.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2322448.e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
2323448.e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2324448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2325448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2326448.e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2327448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2328448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2329448.e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2330448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2331448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2332448.e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2333448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2334448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2335448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2336448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2337448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2338448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2339448.e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2340448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2341448.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2342448.e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000868bf0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2343448.e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2344448.e38: supR3HardenedDllNotificationCallback: load 000007fef30d0000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2345448.e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2346448.e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef30d0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2347448.784: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2348448.784: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2349448.784: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
2350448.784: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2351448.784: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2352448.784: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2353448.784: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2354448.784: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2355448.784: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d410:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2356448.784: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2357448.784: supR3HardenedDllNotificationCallback: load 000007fefa140000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
2358448.784: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2359448.784: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
2360448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e00000 'C:\Windows\system32\user32.dll'
2361448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2362448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2363448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe160000 'C:\Windows\system32\shell32.dll'
2364448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'C:\Windows\system32\ADVAPI32.dll'
2365448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2366448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2367448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde50000 'C:\Windows\system32\ole32.dll'
2368448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2369448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d410:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2370448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe160000 'C:\Windows\system32\shell32.dll'
2371448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2372448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d410:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2373448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe160000 'C:\Windows\system32\shell32.dll'
2374448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2375448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d410:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2376448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa990000 'C:\Windows\system32\dwmapi.dll'
2377448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb820000 'C:\Windows\system32\uxtheme.dll'
2378448.f64: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll' [redir]
2379448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2380448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000084d410:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2381448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6c40000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2382448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2383448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d410:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2384448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'C:\Windows\system32\WINMM.dll'
2385448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2386448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f48e30:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2387448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa990000 'C:\Windows\system32\dwmapi.dll'
2388448.29c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2389448.29c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d410:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2390448.29c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd430000 'C:\Windows\system32\OLEAUT32.dll'
2391448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2392448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084d530:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2393448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde50000 'C:\Windows\system32\ole32.dll'
2394448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd430000 'C:\Windows\system32\OLEAUT32.dll'
2395448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006e8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2396448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2397448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2398448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2399448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2400448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2401448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2402448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2403448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2404448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2405448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2406448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2407448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
2408448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2409448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2410448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2411448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2412448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2413448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2414448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2415448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2416448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2417448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2418448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2419448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2420448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2421448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2422448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2423448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2424448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2425448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2426448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2427448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2428448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2429448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2430448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2431448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
2432448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2433448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2434448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2435448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2436448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2437448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2438448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2439448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2440448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2441448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2442448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2443448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2444448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2445448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2446448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2447448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028cee50:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2448448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2449448.f64: supR3HardenedDllNotificationCallback: load 000007fef87a0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2450448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2451448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2452448.f64: supR3HardenedDllNotificationCallback: load 000007fef8bc0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2453448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2454448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef87a0000 'C:\Windows\system32\wbem\wbemprox.dll'
2455448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a10 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2456448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2457448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2458448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2459448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2460448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2461448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2462448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2463448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
2464448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2465448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2466448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2467448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2468448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2469448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028cee50:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2470448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2471448.f64: supR3HardenedDllNotificationCallback: load 000007fef8470000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2472448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2473448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8470000 'C:\Windows\system32\wbem\wbemsvc.dll'
2474448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a14 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2475448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2476448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2477448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2478448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2479448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2480448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2481448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2482448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2483448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2484448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2485448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2486448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
2487448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2488448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2489448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2490448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006cc pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2491448.f64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2492448.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2493448.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2494448.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2495448.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2496448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2497448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2498448.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2499448.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll)WinVerifyTrust
2500448.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2501448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2502448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2503448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2504448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2505448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2506448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2507448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2508448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2509448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2510448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2511448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2512448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2513448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2514448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2515448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2516448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2517448.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2518448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2519448.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2520448.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028cee50:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2521448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2522448.f64: supR3HardenedDllNotificationCallback: load 000007fef8850000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2523448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2524448.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2525448.f64: supR3HardenedDllNotificationCallback: load 000007fef93f0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2526448.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2527448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8850000 'C:\Windows\system32\wbem\fastprox.dll'
2528448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd430000 'C:\Windows\system32\OLEAUT32.dll'
2529448.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2530448.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2531448.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2532448.cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
2533448.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2534448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2535448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2536448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2537448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2538448.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2539448.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2540448.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2541448.cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
2542448.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2543448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2544448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2545448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2546448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2547448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2548448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2549448.cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2550448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2551448.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2552448.cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2553448.cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2554448.cf0: supR3HardenedDllNotificationCallback: load 000007fef45c0000 LB 0x00261000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2555448.cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2556448.cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2557448.cf0: supR3HardenedDllNotificationCallback: load 000000006f9b0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2558448.cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2559448.cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2560448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2561448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2562448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2563448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
2564448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
2565448.bd0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2566448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2567448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2568448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2569448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2570448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2571448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2572448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
2573448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
2574448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll)WinVerifyTrust
2575448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2576448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2577448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2578448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad0 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2579448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2580448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2581448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2582448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2583448.bd0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2584448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2585448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2586448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2587448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2588448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
2589448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2590448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2591448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2592448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2593448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2594448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2595448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2596448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2597448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2598448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2599448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2600448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2601448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2602448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2603448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2604448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2605448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2606448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2607448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2608448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2609448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2610448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad4 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2611448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2612448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2613448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2614448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2615448.bd0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2616448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2617448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2618448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2619448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)WinVerifyTrust
2620448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2621448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2622448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2623448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2624448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2625448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2626448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2627448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2628448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2629448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2630448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2631448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2632448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2633448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f48490:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2634448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2635448.bd0: supR3HardenedDllNotificationCallback: load 000007feeab60000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
2636448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2637448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2638448.bd0: supR3HardenedDllNotificationCallback: load 000007fef9a40000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2639448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2640448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2641448.bd0: supR3HardenedDllNotificationCallback: load 000007fef9a20000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2642448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2643448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeab60000 'C:\Windows\system32\netcfgx.dll'
2644448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2645448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2646448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\Windows\system32\SETUPAPI.dll'
2647448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2648448.bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2649448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2650448.bd0: supR3HardenedDllNotificationCallback: load 000007fefc130000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2651448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2652448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af0 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2653448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2654448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2655448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2656448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2657448.bd0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2658448.bd0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2659448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2660448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2661448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2662448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2663448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd80000 'C:\Windows\system32\WINTRUST.dll'
2664448.da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2665448.da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2666448.da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2667448.da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2668448.da0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
2669448.da0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2670448.da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2671448.da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2672448.da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2673448.da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2674448.da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2675448.da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2676448.da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2677448.da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2678448.da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2679448.da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2680448.da0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2681448.da0: supR3HardenedDllNotificationCallback: load 000007fefa580000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2682448.da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2683448.da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa580000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2684448.cfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2685448.cfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2686448.cfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
2687448.cfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2688448.cfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2689448.cfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2690448.cfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2691448.cfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2692448.cfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2693448.cfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2694448.cfc: supR3HardenedDllNotificationCallback: load 000007fefa570000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2695448.cfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2696448.cfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa570000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2697448.9d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2698448.9d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2699448.9d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2700448.9d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
2701448.9d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2702448.9d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2703448.9d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2704448.9d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2705448.9d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2706448.9d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2707448.9d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2708448.9d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2709448.9d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2710448.9d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2711448.9d4: supR3HardenedDllNotificationCallback: load 000007fefa560000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2712448.9d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2713448.9d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2714448.690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2715448.690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2716448.690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2717448.690: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
2718448.690: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2719448.690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2720448.690: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2721448.690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2722448.690: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2723448.690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2724448.690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2725448.690: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2726448.690: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2727448.690: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2728448.690: supR3HardenedDllNotificationCallback: load 000007fefa550000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2729448.690: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2730448.690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa550000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2731448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2732448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2733448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe160000 'C:\Windows\system32/Shell32.dll'
2734448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde50000 'C:\Windows\system32\ole32.dll'
2735448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2736448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2737448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2738448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2739448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccd0000 'C:\Windows\system32\profapi.dll'
2740448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2741448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2742448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2743448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2744448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2745448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2746448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2747448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2748448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll)WinVerifyTrust
2749448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2750448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2751448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2752448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2753448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2754448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2755448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2756448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2757448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2758448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2759448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2760448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2761448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2762448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2763448.bd0: supR3HardenedDllNotificationCallback: load 000007fefa440000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2764448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2765448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa440000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
2766448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fefa440000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2767448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2768448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2769448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2770448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2771448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2772448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2773448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2774448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2775448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2776448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2777448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
2778448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2779448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2780448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2781448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2782448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2783448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2784448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2785448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2786448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2787448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2788448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2789448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2790448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2791448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2792448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2793448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2794448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2795448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2796448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2797448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
2798448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2799448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2800448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2801448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2802448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2803448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2804448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2805448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2806448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2807448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
2808448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2809448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2810448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2811448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2812448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2813448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2814448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2815448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2816448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2817448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2818448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2819448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2820448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c6c pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
2821448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000805490
2822448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000805490
2823448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
2824448.bd0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
2825448.bd0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2826448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2827448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2828448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2829448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2830448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2831448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2832448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2833448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust
2834448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
2835448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2836448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2837448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2838448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2839448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2840448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2841448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2842448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2843448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2844448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2845448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2846448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2847448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2848448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2849448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2850448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2851448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2852448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2853448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2854448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2855448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2856448.bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2857448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2858448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2859448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2860448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2861448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2862448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2863448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2864448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2865448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2866448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2867448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2868448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2869448.bd0: supR3HardenedDllNotificationCallback: load 000007fef25f0000 LB 0x008d1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2870448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2871448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2872448.bd0: supR3HardenedDllNotificationCallback: load 000007fee8f70000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2873448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2874448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2875448.bd0: supR3HardenedDllNotificationCallback: load 000007fee8260000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
2876448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2877448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2878448.bd0: supR3HardenedDllNotificationCallback: load 000007fefa440000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2879448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2880448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef25f0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2881448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2882448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2883448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2884448.bd0: supR3HardenedDllNotificationCallback: load 000007fef7f00000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2885448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2886448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7f00000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
2887448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2888448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2889448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2890448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef30d0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2891448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2892448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2893448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2894448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa440000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2895448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2896448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2897448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll)WinVerifyTrust
2898448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2899448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2900448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2901448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2902448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2903448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2904448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2905448.bd0: supR3HardenedDllNotificationCallback: load 000007fefa110000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2906448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2907448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
2908448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2909448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2910448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll)WinVerifyTrust
2911448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2912448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2913448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2914448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2915448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2916448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2917448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2918448.bd0: supR3HardenedDllNotificationCallback: load 000007fef7ee0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2919448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2920448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7ee0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
2921448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2922448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2923448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll)WinVerifyTrust
2924448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2925448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2926448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2927448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2928448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2929448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2930448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2931448.bd0: supR3HardenedDllNotificationCallback: load 000007fef7e30000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2932448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2933448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e30000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
2934448.dbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2935448.dbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2936448.dbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2937448.dbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
2938448.dbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2939448.dbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2940448.dbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2941448.dbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2942448.dbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2943448.dbc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2944448.dbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2945448.dbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2946448.dbc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2947448.dbc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2948448.dbc: supR3HardenedDllNotificationCallback: load 000007fefa540000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2949448.dbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2950448.dbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa540000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2951448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2952448.bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2953448.bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll)WinVerifyTrust
2954448.bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2955448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2956448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2957448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2958448.bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2959448.bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faafb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2960448.bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2961448.bd0: supR3HardenedDllNotificationCallback: load 000007fefa130000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2962448.bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2963448.bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa130000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
2964448.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e00000 'C:\Windows\system32\user32.dll'
2965448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fef7e30000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
2966448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fef7ee0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
2967448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fefa110000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
2968448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fef7f00000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2969448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fef25f0000 LB 0x008d1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
2970448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fefa440000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
2971448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fee8f70000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
2972448.bd0: supR3HardenedDllNotificationCallback: Unload 000007fee8260000 LB 0x00051000 C:\Windows\system32\newdev.dll [flags=0x0]
2973448.dbc: supR3HardenedDllNotificationCallback: Unload 000007fefa540000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
2974448.690: supR3HardenedDllNotificationCallback: Unload 000007fefa550000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
2975448.9d4: supR3HardenedDllNotificationCallback: Unload 000007fefa560000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
2976448.cfc: supR3HardenedDllNotificationCallback: Unload 000007fefa570000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
2977448.da0: supR3HardenedDllNotificationCallback: Unload 000007fefa580000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
2978448.6f4: supR3HardenedDllNotificationCallback: Unload 000007fefa140000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
2979448.f64: supR3HardenedDllNotificationCallback: Unload 000007feeab60000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]
2980448.f64: supR3HardenedDllNotificationCallback: Unload 000007fef9a40000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
2981448.f64: supR3HardenedDllNotificationCallback: Unload 000007fef9a20000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [flags=0x0]
2982448.f64: supR3HardenedDllNotificationCallback: Unload 000007fef8850000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
2983448.f64: supR3HardenedDllNotificationCallback: Unload 000007fef93f0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
2984448.f64: supR3HardenedDllNotificationCallback: Unload 000007fef8470000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
2985448.f64: supR3HardenedDllNotificationCallback: Unload 000007fef87a0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
2986448.f64: supR3HardenedDllNotificationCallback: Unload 000007fef8bc0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
2987448.f64: supR3HardenedDllNotificationCallback: Unload 000007fef30d0000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
2988448.f64: Terminating the normal way: rcExit=0
2989d78.918: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 12519 ms, the end);
299019c.4d8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 13159 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy