VirtualBox

Ticket #13767: VBoxStartup.log

File VBoxStartup.log, 299.2 KB (added by GeloMan, 10 years ago)

VBoxStartup.log

Line 
1364.17f0: Log file opened: 4.3.20r96997 g_hStartupLog=00000000000000ac g_uNtVerCombined=0x611db110
2364.17f0: \SystemRoot\System32\ntdll.dll:
3364.17f0: CreationTime: 2013-05-30T01:33:02.156950000Z
4364.17f0: LastWriteTime: 2011-11-17T06:41:18.858669900Z
5364.17f0: ChangeTime: 2013-07-03T19:28:34.581962500Z
6364.17f0: FileAttributes: 0x20
7364.17f0: Size: 0x1a6d50
8364.17f0: NT Headers: 0xe0
9364.17f0: Timestamp: 0x4ec4aa8e
10364.17f0: Machine: 0x8664 - amd64
11364.17f0: Timestamp: 0x4ec4aa8e
12364.17f0: Image Version: 6.1
13364.17f0: SizeOfImage: 0x1a9000 (1740800)
14364.17f0: Resource Dir: 0x151000 LB 0x560d8
15364.17f0: ProductName: Microsoft® Windows® Operating System
16364.17f0: ProductVersion: 6.1.7601.17725
17364.17f0: FileVersion: 6.1.7601.17725 (win7sp1_gdr.111116-1503)
18364.17f0: FileDescription: NT Layer DLL
19364.17f0: \SystemRoot\System32\kernel32.dll:
20364.17f0: CreationTime: 2013-06-30T14:41:33.930567300Z
21364.17f0: LastWriteTime: 2012-11-30T05:41:07.621000000Z
22364.17f0: ChangeTime: 2013-07-03T19:28:50.821591000Z
23364.17f0: FileAttributes: 0x20
24364.17f0: Size: 0x11b800
25364.17f0: NT Headers: 0xe8
26364.17f0: Timestamp: 0x50b8479a
27364.17f0: Machine: 0x8664 - amd64
28364.17f0: Timestamp: 0x50b8479a
29364.17f0: Image Version: 6.1
30364.17f0: SizeOfImage: 0x11f000 (1175552)
31364.17f0: Resource Dir: 0x116000 LB 0x528
32364.17f0: ProductName: Microsoft® Windows® Operating System
33364.17f0: ProductVersion: 6.1.7601.18015
34364.17f0: FileVersion: 6.1.7601.18015 (win7sp1_gdr.121129-1432)
35364.17f0: FileDescription: Windows NT BASE API Client DLL
36364.17f0: \SystemRoot\System32\KernelBase.dll:
37364.17f0: CreationTime: 2013-06-30T14:41:33.894565200Z
38364.17f0: LastWriteTime: 2012-11-30T05:41:07.715000000Z
39364.17f0: ChangeTime: 2013-07-03T19:28:52.740394400Z
40364.17f0: FileAttributes: 0x20
41364.17f0: Size: 0x67a00
42364.17f0: NT Headers: 0xe8
43364.17f0: Timestamp: 0x50b8479b
44364.17f0: Machine: 0x8664 - amd64
45364.17f0: Timestamp: 0x50b8479b
46364.17f0: Image Version: 6.1
47364.17f0: SizeOfImage: 0x6b000 (438272)
48364.17f0: Resource Dir: 0x69000 LB 0x530
49364.17f0: ProductName: Microsoft® Windows® Operating System
50364.17f0: ProductVersion: 6.1.7601.18015
51364.17f0: FileVersion: 6.1.7601.18015 (win7sp1_gdr.121129-1432)
52364.17f0: FileDescription: Windows NT BASE API Client DLL
53364.17f0: \SystemRoot\System32\apisetschema.dll:
54364.17f0: CreationTime: 2009-07-13T23:18:54.866423200Z
55364.17f0: LastWriteTime: 2009-07-14T01:24:53.779000000Z
56364.17f0: ChangeTime: 2013-05-30T01:10:20.175000200Z
57364.17f0: FileAttributes: 0x20
58364.17f0: Size: 0x1a00
59364.17f0: NT Headers: 0xc0
60364.17f0: Timestamp: 0x4a5bdeab
61364.17f0: Machine: 0x8664 - amd64
62364.17f0: Timestamp: 0x4a5bdeab
63364.17f0: Image Version: 6.1
64364.17f0: SizeOfImage: 0x50000 (327680)
65364.17f0: Resource Dir: 0x30000 LB 0x3f0
66364.17f0: ProductName: Microsoft® Windows® Operating System
67364.17f0: ProductVersion: 6.1.7600.16385
68364.17f0: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
69364.17f0: FileDescription: ApiSet Schema DLL
70364.17f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71364.17f0: supR3HardenedWinFindAdversaries: 0x0
72364.17f0: Calling main()
73364.17f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
74364.17f0: SUPR3HardenedMain: Respawn #1
75364.17f0: System32: \Device\HarddiskVolume4\Windows\System32
76364.17f0: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
77364.17f0: KnownDllPath: C:\Windows\system32
78364.17f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
79364.17f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
80364.17f0: supR3HardNtEnableThreadCreation:
81364.17f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007758c320 pvNtTerminateThread=00000000775b1840
82364.17f0: supR3HardenedWinDoReSpawn(1): New child da4.15f8 [kernel32].
83364.17f0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380
84364.17f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077560000 uNtDllChildAddr=0000000077560000
85364.17f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007758c320
86364.17f0: supR3HardenedWinSetupChildInit: Start child.
87364.17f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
88364.17f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 25 sleeps
89364.17f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
90364.17f0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
91364.17f0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
92364.17f0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
93364.17f0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
94364.17f0: *0000000000040000-fffffffffff43fff 0x0000/0x0004 0x0020000
95364.17f0: 000000000013c000-0000000000138fff 0x0104/0x0004 0x0020000
96364.17f0: 000000000013f000-000000000013dfff 0x0004/0x0004 0x0020000
97364.17f0: *0000000000140000-000000000013efff 0x0004/0x0004 0x0020000
98364.17f0: 0000000000141000-0000000000131fff 0x0001/0x0000 0x0000000
99364.17f0: *0000000000150000-000000000014efff 0x0004/0x0004 0x0020000
100364.17f0: 0000000000151000-ffffffff88d41fff 0x0001/0x0000 0x0000000
101364.17f0: *0000000077560000-000000007755efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
102364.17f0: 0000000077561000-000000007745efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
103364.17f0: 0000000077663000-0000000077633fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
104364.17f0: 0000000077692000-0000000077685fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
105364.17f0: 000000007769e000-0000000077632fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
106364.17f0: 0000000077709000-000000006fe31fff 0x0001/0x0000 0x0000000
107364.17f0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
108364.17f0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
109364.17f0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
110364.17f0: 000000007fff0000-ffffffffc0a2ffff 0x0001/0x0000 0x0000000
111364.17f0: *000000013f5b0000-000000013f5aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
112364.17f0: 000000013f5b1000-000000013f52cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
113364.17f0: 000000013f635000-000000013f633fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
114364.17f0: 000000013f636000-000000013f5f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
115364.17f0: 000000013f673000-000000013f671fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
116364.17f0: 000000013f674000-000000013f672fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
117364.17f0: 000000013f675000-000000013f672fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
118364.17f0: 000000013f677000-000000013f675fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
119364.17f0: 000000013f678000-000000013f676fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
120364.17f0: 000000013f679000-000000013f674fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
121364.17f0: 000000013f67d000-000000013f643fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
122364.17f0: 000000013f6b6000-fffff8037f4ebfff 0x0001/0x0000 0x0000000
123364.17f0: *000007feff880000-000007feff87efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apisetschema.dll
124364.17f0: 000007feff881000-000007fdff151fff 0x0001/0x0000 0x0000000
125364.17f0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
126364.17f0: 000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
127364.17f0: *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
128364.17f0: 000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
129364.17f0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
130364.17f0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
131364.17f0: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
132364.17f0: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
133364.17f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
134364.17f0: '\Device\HarddiskVolume4\Windows\System32\apisetschema.dll' has no imports
135364.17f0: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
136364.17f0: supR3HardNtChildPurify: Done after 307 ms and 0 fixes (loop #0).
137da4.15f8: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
138da4.15f8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077560000
139364.17f0: supR3HardNtEnableThreadCreation:
140da4.15f8: ntdll.dll: timestamp 0x4ec4aa8e (rc=VINF_SUCCESS)
141da4.15f8: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation)
142da4.15f8: System32: \Device\HarddiskVolume4\Windows\System32
143da4.15f8: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
144da4.15f8: KnownDllPath: C:\Windows\system32
145da4.15f8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
146da4.15f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
147da4.15f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
148da4.15f8: Registered Dll notification callback with NTDLL.
149da4.15f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
150da4.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
151da4.15f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
152da4.15f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
153da4.15f8: supR3HardenedDllNotificationCallback: load 0000000077440000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
154da4.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
155da4.15f8: supR3HardenedDllNotificationCallback: load 000007fefd3f0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
156da4.15f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
157da4.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
158da4.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077440000 'C:\Windows\system32\kernel32.dll'
159da4.15f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007758c320 pvNtTerminateThread=00000000775b1840
160364.17f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 28 ms.
161da4.15f8: \SystemRoot\System32\ntdll.dll:
162da4.15f8: CreationTime: 2013-05-30T01:33:02.156950000Z
163da4.15f8: LastWriteTime: 2011-11-17T06:41:18.858669900Z
164da4.15f8: ChangeTime: 2013-07-03T19:28:34.581962500Z
165da4.15f8: FileAttributes: 0x20
166da4.15f8: Size: 0x1a6d50
167da4.15f8: NT Headers: 0xe0
168da4.15f8: Timestamp: 0x4ec4aa8e
169da4.15f8: Machine: 0x8664 - amd64
170da4.15f8: Timestamp: 0x4ec4aa8e
171da4.15f8: Image Version: 6.1
172da4.15f8: SizeOfImage: 0x1a9000 (1740800)
173da4.15f8: Resource Dir: 0x151000 LB 0x560d8
174da4.15f8: ProductName: Microsoft® Windows® Operating System
175da4.15f8: ProductVersion: 6.1.7601.17725
176da4.15f8: FileVersion: 6.1.7601.17725 (win7sp1_gdr.111116-1503)
177da4.15f8: FileDescription: NT Layer DLL
178da4.15f8: \SystemRoot\System32\kernel32.dll:
179da4.15f8: CreationTime: 2013-06-30T14:41:33.930567300Z
180da4.15f8: LastWriteTime: 2012-11-30T05:41:07.621000000Z
181da4.15f8: ChangeTime: 2013-07-03T19:28:50.821591000Z
182da4.15f8: FileAttributes: 0x20
183da4.15f8: Size: 0x11b800
184da4.15f8: NT Headers: 0xe8
185da4.15f8: Timestamp: 0x50b8479a
186da4.15f8: Machine: 0x8664 - amd64
187da4.15f8: Timestamp: 0x50b8479a
188da4.15f8: Image Version: 6.1
189da4.15f8: SizeOfImage: 0x11f000 (1175552)
190da4.15f8: Resource Dir: 0x116000 LB 0x528
191da4.15f8: ProductName: Microsoft® Windows® Operating System
192da4.15f8: ProductVersion: 6.1.7601.18015
193da4.15f8: FileVersion: 6.1.7601.18015 (win7sp1_gdr.121129-1432)
194da4.15f8: FileDescription: Windows NT BASE API Client DLL
195da4.15f8: \SystemRoot\System32\KernelBase.dll:
196da4.15f8: CreationTime: 2013-06-30T14:41:33.894565200Z
197da4.15f8: LastWriteTime: 2012-11-30T05:41:07.715000000Z
198da4.15f8: ChangeTime: 2013-07-03T19:28:52.740394400Z
199da4.15f8: FileAttributes: 0x20
200da4.15f8: Size: 0x67a00
201da4.15f8: NT Headers: 0xe8
202da4.15f8: Timestamp: 0x50b8479b
203da4.15f8: Machine: 0x8664 - amd64
204da4.15f8: Timestamp: 0x50b8479b
205da4.15f8: Image Version: 6.1
206da4.15f8: SizeOfImage: 0x6b000 (438272)
207da4.15f8: Resource Dir: 0x69000 LB 0x530
208da4.15f8: ProductName: Microsoft® Windows® Operating System
209da4.15f8: ProductVersion: 6.1.7601.18015
210da4.15f8: FileVersion: 6.1.7601.18015 (win7sp1_gdr.121129-1432)
211da4.15f8: FileDescription: Windows NT BASE API Client DLL
212da4.15f8: \SystemRoot\System32\apisetschema.dll:
213da4.15f8: CreationTime: 2009-07-13T23:18:54.866423200Z
214da4.15f8: LastWriteTime: 2009-07-14T01:24:53.779000000Z
215da4.15f8: ChangeTime: 2013-05-30T01:10:20.175000200Z
216da4.15f8: FileAttributes: 0x20
217da4.15f8: Size: 0x1a00
218da4.15f8: NT Headers: 0xc0
219da4.15f8: Timestamp: 0x4a5bdeab
220da4.15f8: Machine: 0x8664 - amd64
221da4.15f8: Timestamp: 0x4a5bdeab
222da4.15f8: Image Version: 6.1
223da4.15f8: SizeOfImage: 0x50000 (327680)
224da4.15f8: Resource Dir: 0x30000 LB 0x3f0
225da4.15f8: ProductName: Microsoft® Windows® Operating System
226da4.15f8: ProductVersion: 6.1.7600.16385
227da4.15f8: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
228da4.15f8: FileDescription: ApiSet Schema DLL
229da4.15f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
230da4.15f8: supR3HardenedWinFindAdversaries: 0x0
231da4.15f8: Calling main()
232da4.15f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
233da4.15f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
234da4.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
235da4.15f8: SUPR3HardenedMain: Respawn #2
236da4.15f8: supR3HardNtEnableThreadCreation:
237da4.15f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
238da4.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
239da4.15f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
240da4.15f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
241da4.15f8: supR3HardenedDllNotificationCallback: load 000007fefd210000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
242da4.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
243da4.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\apphelp.dll'
244da4.15f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007758c320 pvNtTerminateThread=00000000775b1840
245da4.15f8: supR3HardenedWinDoReSpawn(2): New child a78.660 [kernel32].
246da4.15f8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380
247da4.15f8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077560000 uNtDllChildAddr=0000000077560000
248da4.15f8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007758c320
249da4.15f8: supR3HardenedWinSetupChildInit: Start child.
250da4.15f8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
251da4.15f8: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 28 sleeps
252da4.15f8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
253da4.15f8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
254da4.15f8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
255da4.15f8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
256da4.15f8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
257da4.15f8: *0000000000040000-fffffffffff43fff 0x0000/0x0004 0x0020000
258da4.15f8: 000000000013c000-0000000000138fff 0x0104/0x0004 0x0020000
259da4.15f8: 000000000013f000-000000000013dfff 0x0004/0x0004 0x0020000
260da4.15f8: *0000000000140000-000000000013efff 0x0004/0x0004 0x0020000
261da4.15f8: 0000000000141000-0000000000131fff 0x0001/0x0000 0x0000000
262da4.15f8: *0000000000150000-000000000014efff 0x0004/0x0004 0x0020000
263da4.15f8: 0000000000151000-ffffffff88d41fff 0x0001/0x0000 0x0000000
264da4.15f8: *0000000077560000-000000007755efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
265da4.15f8: 0000000077561000-000000007745efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
266da4.15f8: 0000000077663000-0000000077633fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
267da4.15f8: 0000000077692000-0000000077685fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
268da4.15f8: 000000007769e000-0000000077632fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
269da4.15f8: 0000000077709000-000000006fe31fff 0x0001/0x0000 0x0000000
270da4.15f8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
271da4.15f8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
272da4.15f8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
273da4.15f8: 000000007fff0000-ffffffffc0a2ffff 0x0001/0x0000 0x0000000
274da4.15f8: *000000013f5b0000-000000013f5aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
275da4.15f8: 000000013f5b1000-000000013f52cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
276da4.15f8: 000000013f635000-000000013f633fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
277da4.15f8: 000000013f636000-000000013f5f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
278da4.15f8: 000000013f673000-000000013f671fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
279da4.15f8: 000000013f674000-000000013f672fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
280da4.15f8: 000000013f675000-000000013f672fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
281da4.15f8: 000000013f677000-000000013f675fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
282da4.15f8: 000000013f678000-000000013f676fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
283da4.15f8: 000000013f679000-000000013f674fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
284da4.15f8: 000000013f67d000-000000013f643fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
285da4.15f8: 000000013f6b6000-fffff8037f4ebfff 0x0001/0x0000 0x0000000
286da4.15f8: *000007feff880000-000007feff87efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apisetschema.dll
287da4.15f8: 000007feff881000-000007fdff151fff 0x0001/0x0000 0x0000000
288da4.15f8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
289da4.15f8: 000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
290da4.15f8: *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
291da4.15f8: 000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
292da4.15f8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
293da4.15f8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
294da4.15f8: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
295da4.15f8: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
296da4.15f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
297da4.15f8: '\Device\HarddiskVolume4\Windows\System32\apisetschema.dll' has no imports
298da4.15f8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
299da4.15f8: supR3HardNtChildPurify: Done after 293 ms and 0 fixes (loop #0).
300a78.660: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
301a78.660: supR3HardenedVmProcessInit: uNtDllAddr=0000000077560000
302a78.660: ntdll.dll: timestamp 0x4ec4aa8e (rc=VINF_SUCCESS)
303a78.660: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation)
304da4.15f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
305da4.15f8: supR3HardNtEnableThreadCreation:
306a78.660: System32: \Device\HarddiskVolume4\Windows\System32
307a78.660: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
308a78.660: KnownDllPath: C:\Windows\system32
309a78.660: supR3HardenedVmProcessInit: Opening vboxdrv...
310a78.660: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
311a78.660: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
312a78.660: Registered Dll notification callback with NTDLL.
313a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
314a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
315a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
316a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
317a78.660: supR3HardenedDllNotificationCallback: load 0000000077440000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
318a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
319a78.660: supR3HardenedDllNotificationCallback: load 000007fefd3f0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
320a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
321a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
322a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077440000 'C:\Windows\system32\kernel32.dll'
323a78.660: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007758c320 pvNtTerminateThread=00000000775b1840
324da4.15f8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
325a78.660: \SystemRoot\System32\ntdll.dll:
326a78.660: CreationTime: 2013-05-30T01:33:02.156950000Z
327a78.660: LastWriteTime: 2011-11-17T06:41:18.858669900Z
328a78.660: ChangeTime: 2013-07-03T19:28:34.581962500Z
329a78.660: FileAttributes: 0x20
330a78.660: Size: 0x1a6d50
331a78.660: NT Headers: 0xe0
332a78.660: Timestamp: 0x4ec4aa8e
333a78.660: Machine: 0x8664 - amd64
334a78.660: Timestamp: 0x4ec4aa8e
335a78.660: Image Version: 6.1
336a78.660: SizeOfImage: 0x1a9000 (1740800)
337a78.660: Resource Dir: 0x151000 LB 0x560d8
338a78.660: ProductName: Microsoft® Windows® Operating System
339a78.660: ProductVersion: 6.1.7601.17725
340a78.660: FileVersion: 6.1.7601.17725 (win7sp1_gdr.111116-1503)
341a78.660: FileDescription: NT Layer DLL
342a78.660: \SystemRoot\System32\kernel32.dll:
343a78.660: CreationTime: 2013-06-30T14:41:33.930567300Z
344a78.660: LastWriteTime: 2012-11-30T05:41:07.621000000Z
345a78.660: ChangeTime: 2013-07-03T19:28:50.821591000Z
346a78.660: FileAttributes: 0x20
347a78.660: Size: 0x11b800
348a78.660: NT Headers: 0xe8
349a78.660: Timestamp: 0x50b8479a
350a78.660: Machine: 0x8664 - amd64
351a78.660: Timestamp: 0x50b8479a
352a78.660: Image Version: 6.1
353a78.660: SizeOfImage: 0x11f000 (1175552)
354a78.660: Resource Dir: 0x116000 LB 0x528
355a78.660: ProductName: Microsoft® Windows® Operating System
356a78.660: ProductVersion: 6.1.7601.18015
357a78.660: FileVersion: 6.1.7601.18015 (win7sp1_gdr.121129-1432)
358a78.660: FileDescription: Windows NT BASE API Client DLL
359a78.660: \SystemRoot\System32\KernelBase.dll:
360a78.660: CreationTime: 2013-06-30T14:41:33.894565200Z
361a78.660: LastWriteTime: 2012-11-30T05:41:07.715000000Z
362a78.660: ChangeTime: 2013-07-03T19:28:52.740394400Z
363a78.660: FileAttributes: 0x20
364a78.660: Size: 0x67a00
365a78.660: NT Headers: 0xe8
366a78.660: Timestamp: 0x50b8479b
367a78.660: Machine: 0x8664 - amd64
368a78.660: Timestamp: 0x50b8479b
369a78.660: Image Version: 6.1
370a78.660: SizeOfImage: 0x6b000 (438272)
371a78.660: Resource Dir: 0x69000 LB 0x530
372a78.660: ProductName: Microsoft® Windows® Operating System
373a78.660: ProductVersion: 6.1.7601.18015
374a78.660: FileVersion: 6.1.7601.18015 (win7sp1_gdr.121129-1432)
375a78.660: FileDescription: Windows NT BASE API Client DLL
376a78.660: \SystemRoot\System32\apisetschema.dll:
377a78.660: CreationTime: 2009-07-13T23:18:54.866423200Z
378a78.660: LastWriteTime: 2009-07-14T01:24:53.779000000Z
379a78.660: ChangeTime: 2013-05-30T01:10:20.175000200Z
380a78.660: FileAttributes: 0x20
381a78.660: Size: 0x1a00
382a78.660: NT Headers: 0xc0
383a78.660: Timestamp: 0x4a5bdeab
384a78.660: Machine: 0x8664 - amd64
385a78.660: Timestamp: 0x4a5bdeab
386a78.660: Image Version: 6.1
387a78.660: SizeOfImage: 0x50000 (327680)
388a78.660: Resource Dir: 0x30000 LB 0x3f0
389a78.660: ProductName: Microsoft® Windows® Operating System
390a78.660: ProductVersion: 6.1.7600.16385
391a78.660: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
392a78.660: FileDescription: ApiSet Schema DLL
393a78.660: NtOpenDirectoryObject failed on \Driver: 0xc0000022
394a78.660: supR3HardenedWinFindAdversaries: 0x0
395a78.660: Calling main()
396a78.660: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
397a78.660: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
398a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
399a78.660: SUPR3HardenedMain: Final process, opening VBoxDrv...
400a78.660: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
401a78.660: supR3HardNtEnableThreadCreation:
402a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
403a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
404a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006644e0:C:\Windows\system32 [calling]
405a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
406a78.660: supR3HardenedDllNotificationCallback: load 000007fef4100000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
407a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
408a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
409a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
410a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4100000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
411a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
412a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
413a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4100000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
414a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4100000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
415a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
416a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
417a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
418a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
419a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
420a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
421a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
422a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
423a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
424a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
425a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
426a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
427a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
428a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
429a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
430a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
431a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
432a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
433a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
434a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
435a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
436a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
437a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
438a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
439a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
440a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
441a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
442a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
443a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
444a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
445a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006644e0:C:\Windows\system32 [calling]
446a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
447a78.660: supR3HardenedDllNotificationCallback: load 000007fefd460000 LB 0x00039000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
448a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
449a78.660: supR3HardenedDllNotificationCallback: load 000007feff7d0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
450a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
451a78.660: supR3HardenedDllNotificationCallback: load 000007fefd540000 LB 0x0016a000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
452a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
453a78.660: supR3HardenedDllNotificationCallback: load 000007fefd3e0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
454a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
455a78.660: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
456a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
457a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\Windows\system32\Wintrust.dll'
458a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
459a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
460a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
461a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
462a78.660: supR3HardenedDllNotificationCallback: load 000007fefce00000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
463a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
464a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce00000 'C:\Windows\system32\CRYPTSP.dll'
465a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
466a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
467a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
468a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
469a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
470a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
471a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
472a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
473a78.660: supR3HardenedDllNotificationCallback: load 000007fefc910000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
474a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
475a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc910000 'C:\Windows\system32\rsaenh.dll'
476a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
477a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
478a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
479a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
480a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
481a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
482a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
483a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
484a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
485a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
486a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
487a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
488a78.660: supR3HardenedDllNotificationCallback: load 000007fefde70000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
489a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
490a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
491a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
492a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
493a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
494a78.660: supR3HardenedDllNotificationCallback: load 000007fefe340000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
495a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
496a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
497a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
498a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
499a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
500a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
501a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
502a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
503a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
504a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
505a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
506a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
507a78.660: supR3HardenedDllNotificationCallback: load 000007fefd270000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
508a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
509a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd270000 'C:\Windows\system32\CRYPTBASE.dll'
510a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
511a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
512a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077440000 'C:\Windows\system32\kernel32.dll'
513a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
514a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
515a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\Windows\system32\WINTRUST.DLL'
516a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
517a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
518a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\CRYPT32.dll'
519a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
520a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
521a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
522a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
523a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
524a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
525a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
526a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
527a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
528a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
529a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
530a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
531a78.660: supR3HardenedDllNotificationCallback: load 000007fefe650000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
532a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
533a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe650000 'C:\Windows\system32\imagehlp.dll'
534a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
535a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
536a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce00000 'C:\Windows\system32\CRYPTSP.dll'
537a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
538a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
539a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
540a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
541a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
542a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
543a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
544a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
545a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
546a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
547a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume4\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
548a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
549a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
550a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
551a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\lpk.dll)
552a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\lpk.dll
553a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
554a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
555a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
556a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
557a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume4\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
558a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
559a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
560a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
561a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\usp10.dll)
562a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\usp10.dll
563a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
564a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
565a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
566a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
567a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
568a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
569a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
570a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
571a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
572a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
573a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
574a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
575a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
576a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
577a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
578a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
579a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
580a78.660: supR3HardenedDllNotificationCallback: load 0000000077340000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
581a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
582a78.660: supR3HardenedDllNotificationCallback: load 000007fefe590000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
583a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
584a78.660: supR3HardenedDllNotificationCallback: load 000007fefde20000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
585a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\lpk.dll [lacks WinVerifyTrust]
586a78.660: supR3HardenedDllNotificationCallback: load 000007fefe060000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
587a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\usp10.dll [lacks WinVerifyTrust]
588a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
589a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
590a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe590000 'C:\Windows\system32\gdi32.dll'
591a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
592a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
593a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
594a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
595a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
596a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
597a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
598a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
599a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
600a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
601a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
602a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
603a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
604a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
605a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
606a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
607a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
608a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
609a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
610a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
611a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
612a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
613a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
614a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
615a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
616a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
617a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
618a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
619a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
620a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
621a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
622a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
623a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
624a78.660: supR3HardenedDllNotificationCallback: load 000007fefde40000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
625a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
626a78.660: supR3HardenedDllNotificationCallback: load 000007fefdf50000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
627a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [lacks WinVerifyTrust]
628a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'C:\Windows\system32\IMM32.DLL'
629a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077340000 'C:\Windows\system32\USER32.dll'
630a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
631a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
632a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
633a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
634a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
635a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
636a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
637a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
638a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
639a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
640a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
641a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
642a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
643a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
644a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
645a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
646a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
647a78.660: supR3HardenedDllNotificationCallback: load 000007fefcd70000 LB 0x0004d000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
648a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
649a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
650a78.660: supR3HardenedDllNotificationCallback: load 000007fefcd40000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
651a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
652a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd70000 'C:\Windows\system32\ncrypt.dll'
653a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
654a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
655a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
656a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
657a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
658a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
659a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
660a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
661a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
662a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
663a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
664a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
665a78.660: supR3HardenedDllNotificationCallback: load 000007fefc850000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
666a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
667a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc850000 'C:\Windows\system32\bcryptprimitives.dll'
668a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
669a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
670a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd40000 'C:\Windows\system32\bcrypt.dll'
671a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
672a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
673a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
674a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\userenv.dll)
675a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
676a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
677a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
678a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
679a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
680a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
681a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
682a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
683a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
684a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
685a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
686a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
687a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
688a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
689a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
690a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
691a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\userenv.dll [lacks WinVerifyTrust]
692a78.660: supR3HardenedDllNotificationCallback: load 000007fefc330000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
693a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\userenv.dll [lacks WinVerifyTrust]
694a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
695a78.660: supR3HardenedDllNotificationCallback: load 000007fefd340000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
696a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
697a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\USERENV.dll'
698a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
699a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
700a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
701a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
702a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
703a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
704a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
705a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
706a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
707a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
708a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
709a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
710a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
711a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
712a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
713a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
714a78.660: supR3HardenedDllNotificationCallback: load 000007fefc310000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
715a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
716a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc310000 'C:\Windows\system32\GPAPI.dll'
717a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
718a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-WIN-Service-Management-L1-1-0.dll'
719a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
720a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
721a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\rpcrt4.dll'
722a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
723a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-WIN-Service-Management-L2-1-0.dll'
724a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
725a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
726a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
727a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
728a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
729a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
730a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
731a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
732a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
733a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
734a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
735a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
736a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
737a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
738a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
739a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
740a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
741a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
742a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
743a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
744a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
745a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
746a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
747a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
748a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
749a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
750a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
751a78.660: supR3HardenedDllNotificationCallback: load 000007fef8d30000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
752a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
753a78.660: supR3HardenedDllNotificationCallback: load 000007fefe670000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
754a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
755a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
756a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
757a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
758a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
759a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
760a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
761a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
762a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
763a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
764a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
765a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
766a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
767a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
769a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
770a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
772a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
773a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
774a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
775a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
776a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
777a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
778a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
779a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
780a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
781a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
783a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
784a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d30000 'C:\Windows\system32\cryptnet.dll'
786a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
787a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
788a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
789a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
790a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd340000 'C:\Windows\system32\profapi.dll'
791a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
792a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
793a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
794a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
795a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
796a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
797a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
798a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
799a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
800a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
801a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
802a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
803a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
804a78.660: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
805a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
806a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
807a78.660: supR3HardenedDllNotificationCallback: load 000007fefd9c0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
808a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
809a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\SHLWAPI.dll'
810a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
811a78.660: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000006a5d40
812a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
813a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7997EF6A3B19ED6821CE62B530063268EEA69FB
814a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
815a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
816a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
817a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-WIN-Service-Management-L1-1-0.dll'
818a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
819a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
820a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
821a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
822a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
823a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
824a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
825a78.660: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
826a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
827a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2644615~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
828a78.660: g_pfnWinVerifyTrust=000007fefd461010
829a78.660: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
830a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume4\Windows\System32\crypt32.dll
831a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
832a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
833a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F4982E5F19EEC9EA72436D469FB5B41639FB6890
834a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB2813430~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
835a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
836a78.660: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
837a78.660: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
838a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume4\Windows\System32\wintrust.dll
839a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
840a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
841a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C2CAE387D4C2336594C53781ECBA623A84C950D
842a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2749655~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
843a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
844a78.660: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
845a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume4\Windows\System32\shlwapi.dll
846a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
847a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
848a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
849a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
850a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
851a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
852a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
853a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
854a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
855a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
856a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
857a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
858a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
859a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
860a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
861a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
862a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0763F1478C58F0F99A6A6E775E5D3BF96015915
863a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2813430~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
864a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
865a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
866a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume4\Windows\System32\gpapi.dll
867a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
868a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
869a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
870a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
871a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
872a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
873a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume4\Windows\System32\profapi.dll
874a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
875a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
876a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
877a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\profapi.dll'
878a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
879a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
880a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume4\Windows\System32\userenv.dll
881a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
882a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
883a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
884a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\userenv.dll'
885a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
886a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\userenv.dll'
887a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
888a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume4\Windows\System32\bcrypt.dll
889a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
890a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
891a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
892a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
893a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
894a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
895a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume4\Windows\System32\ncrypt.dll
896a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
897a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
898a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0DC2D4B5A74FD43339FA2F4C2E15D9DA54948F98
899a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2785220~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
900a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
901a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
902a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume4\Windows\System32\msctf.dll
903a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
904a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
905a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
906a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\msctf.dll'
907a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
908a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
909a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume4\Windows\System32\imm32.dll
910a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
911a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
912a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
913a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\imm32.dll'
914a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
915a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
916a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume4\Windows\System32\usp10.dll
917a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
918a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
919a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96BA3C96091DE177B5F321322AD23EC223594D43
920a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2786400~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\usp10.dll'
921a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
922a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\usp10.dll'
923a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume4\Windows\System32\lpk.dll
924a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
925a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
926a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
927a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\lpk.dll'
928a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
929a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\lpk.dll'
930a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume4\Windows\System32\gdi32.dll
931a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
932a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
933a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8F7179D2AEB0FEB168A01D182223AC2D7B8F331
934a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
935a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
936a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
937a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000168 pwszName=\Device\HarddiskVolume4\Windows\System32\user32.dll
938a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
939a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
940a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
941a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\user32.dll'
942a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
943a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
944a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000164 pwszName=\Device\HarddiskVolume4\Windows\System32\imagehlp.dll
945a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
946a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
947a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0A0F84DD55507C56A273E145872B7ECBEDE3F5
948a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
949a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
950a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
951a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptbase.dll
952a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
953a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
954a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
955a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
956a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
957a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
958a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume4\Windows\System32\sechost.dll
959a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
960a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
961a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
962a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\sechost.dll'
963a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
964a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
965a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume4\Windows\System32\advapi32.dll
966a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
967a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
968a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
969a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
970a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
971a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
972a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
973a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptsp.dll
974a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
975a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
976a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
977a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
978a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
979a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
980a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume4\Windows\System32\msvcrt.dll
981a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
982a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
983a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
984a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
985a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
986a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
987a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume4\Windows\System32\msasn1.dll
988a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
989a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
990a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
991a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
992a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
993a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
994a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
995a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
996a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
997a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC4D9E909DFDD2EE8BA1A5C857D73D49EBE7952C
998a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
999a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1000a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
1001a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1002a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1003a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1004a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1005a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=91F085E8EC8E74411F756DB12A25CCD01E5A5A34
1006a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2726535~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
1007a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1008a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
1009a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume4\Windows\System32\kernel32.dll
1010a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1011a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1012a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8E81B4259AE0A9FFEFEA6E84E77A5D1659D68AE4
1013a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2726535~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
1014a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1015a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
1016a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
1017a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000074c7e0:C:\Windows\system32 [calling]
1018a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\crypt32.dll'
1019a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1020a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1021a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1022a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1023a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1024a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1025a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1026a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1027a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1028a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1029a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1030a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1031a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1032a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1033a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1034a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1035a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1036a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
1037a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1038a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1039a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1040a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1041a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1042a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1043a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1044a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1045a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1046a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1047a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1048a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1049a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1050a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1051a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1052a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1053a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
1054a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1055a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1056a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1057a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1058a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1059a78.660: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1060a78.660: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=41
1061a78.660: SUPR3HardenedMain: Load Runtime...
1062a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1063a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1064a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1065a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1066a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1067a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1068a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1069a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1070a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1071a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1072a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1073a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1074a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1075a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1076a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1077a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\ws2_32.dll'
1078a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1079a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1080a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1081a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1082a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)WinVerifyTrust
1083a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1084a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1085a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1086a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1087a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1088a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1089a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1090a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1091a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1092a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1093a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1094a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1095a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1096a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1097a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1098a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume4\Windows\System32\nsi.dll
1099a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1100a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1101a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1102a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\nsi.dll'
1103a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1104a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)WinVerifyTrust
1105a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
1106a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1107a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1108a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1109a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1110a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1111a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1112a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1113a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1114a78.660: supR3HardenedDllNotificationCallback: load 000007fee2f50000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1115a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1116a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1117a78.660: supR3HardenedDllNotificationCallback: load 0000000062c30000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1118a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1119a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1120a78.660: supR3HardenedDllNotificationCallback: load 0000000062d80000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1121a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1122a78.660: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1123a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1124a78.660: supR3HardenedDllNotificationCallback: load 000007fefde30000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1125a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
1126a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1127a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
1128a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1129a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1130a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
1131a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1132a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1133a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
1134a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1135a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1136a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
1137a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1138a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1139a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
1140a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1141a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1142a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
1143a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1144a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1145a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1147a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1148a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1149a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1150a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1151a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1152a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
1153a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1154a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1157a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1158a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1159a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1160a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1161a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1162a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1163a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1164a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1166a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1169a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1170a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000664dd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\NetSarang;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
1171a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1172a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1174a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2f50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1175a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
1176a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002ae4510:C:\Windows\system32 [calling]
1177a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\Windows\system32\Wintrust.dll'
1178a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
1179a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002ae4510:C:\Windows\system32 [calling]
1180a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\crypt32.dll'
1181a78.660: SUPR3HardenedMain: Load TrustedMain...
1182a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1183a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1184a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1185a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1186a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1187a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1188a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1189a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1190a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1191a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1192a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1193a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1194a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1195a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1196a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1197a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1198a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1199a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1200a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1201a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1202a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume4\Windows\System32\winmm.dll
1203a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1204a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1205a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1206a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\winmm.dll'
1207a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1208a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1209a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1210a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll)WinVerifyTrust
1211a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
1212a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1213a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1214a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1215a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1216a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1217a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1218a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
1219a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1220a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1221a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1222a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1223a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1224a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1225a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1226a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)WinVerifyTrust
1227a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1228a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1229a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1230a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1231a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1232a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1233a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD
1234a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\oleaut32.dll'
1235a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1236a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1237a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1238a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1239a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1240a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1241a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll)WinVerifyTrust
1242a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1243a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1244a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1245a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume4\Windows\System32\ole32.dll
1246a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1247a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1248a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1249a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\ole32.dll'
1250a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1251a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1252a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1253a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1254a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1255a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll)WinVerifyTrust
1256a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
1257a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1258a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1259a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume4\Windows\System32\shell32.dll
1260a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1261a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1262a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A70F7162DFFC318E0F7145F504A38FDE2056B52
1263a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB2798162~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\shell32.dll'
1264a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1265a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1266a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1267a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1268a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1269a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)WinVerifyTrust
1270a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
1271a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1272a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1273a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1274a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1275a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1276a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1277a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1278a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1279a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1280a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1281a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1282a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1283a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1284a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1285a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1286a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1287a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1288a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1289a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1290a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1291a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1292a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1293a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1294a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1295a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1296a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1297a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1298a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1299a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1300a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1301a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1302a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1303a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1304a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1305a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1306a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1307a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1308a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1309a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1310a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1311a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1312a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1313a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1314a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1315a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1316a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1317a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1318a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1319a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1320a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1321a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1322a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1323a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1324a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1325a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1326a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1327a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1328a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1329a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1330a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1331a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1332a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1333a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
1334a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1335a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1336a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1337a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1338a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1339a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1340a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1341a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1342a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1343a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1344a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1345a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)WinVerifyTrust
1346a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1347a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1348a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1349a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1350a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1351a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume4\Windows\System32\ddraw.dll
1352a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1353a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1354a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1355a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume4\Windows\System32\ddraw.dll'
1356a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1357a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1358a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1359a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1360a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1361a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1362a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1363a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)WinVerifyTrust
1364a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
1365a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1366a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1367a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
1368a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1369a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1370a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1371a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume4\Windows\System32\glu32.dll'
1372a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1373a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1374a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1375a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1376a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)WinVerifyTrust
1377a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
1378a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1379a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1380a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1381a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1382a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1383a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1384a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1385a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1386a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1387a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1388a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1389a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1390a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1391a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1392a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1393a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1394a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1395a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1396a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1397a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1398a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1399a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1400a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1401a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1402a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1403a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1404a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1405a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1406a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1407a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1408a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1409a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1410a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1411a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1412a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1413a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1414a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1415a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1416a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1417a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1418a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1419a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1420a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1421a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1422a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume4\Windows\System32\winspool.drv
1423a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1424a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1425a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1426a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\winspool.drv'
1427a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1428a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1429a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1430a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1431a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)WinVerifyTrust
1432a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
1433a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1434a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1435a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1436a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1437a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1438a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
1439a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1440a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1441a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1442a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1443a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1444a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1445a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1446a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1447a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1448a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1449a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1450a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1451a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1452a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1453a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1454a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1455a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1456a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1457a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1458a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1459a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1460a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1461a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1462a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1463a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1464a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1465a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1466a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1467a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1468a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1469a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1470a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1471a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1472a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1473a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1474a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1475a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1476a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1477a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1478a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
1479a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1480a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1481a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1482a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1483a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1484a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1485a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1486a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1487a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1488a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1489a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1490a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1491a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1492a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1493a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1494a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1495a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1496a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1497a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1498a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1499a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1500a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1501a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1502a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1503a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1504a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1505a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1506a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume4\Windows\System32\comctl32.dll
1507a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1508a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1509a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
1510a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\comctl32.dll'
1511a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1512a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1513a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1514a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1515a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)WinVerifyTrust
1516a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
1517a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1518a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1519a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1520a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1521a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1522a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1523a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
1524a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1525a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1526a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1527a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1528a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1529a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1530a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1531a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1532a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1533a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1534a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1535a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1536a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1537a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1538a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1539a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1540a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1541a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1542a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1543a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1544a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1545a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1546a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1547a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1548a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1549a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1550a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1551a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1552a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume4\Windows\System32\dwmapi.dll
1553a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1554a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1555a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1556a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
1557a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1558a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1559a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1560a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1561a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)WinVerifyTrust
1562a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
1563a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1564a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1565a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume4\Windows\System32\setupapi.dll
1566a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1567a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1568a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1569a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\setupapi.dll'
1570a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1571a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1572a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1573a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1574a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1575a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1576a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1577a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1578a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll)WinVerifyTrust
1579a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
1580a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1581a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1582a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1583a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1584a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume4\Windows\System32\dciman32.dll
1585a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1586a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1587a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
1588a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\dciman32.dll'
1589a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1590a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1591a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1592a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1593a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)WinVerifyTrust
1594a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
1595a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1596a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1597a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1598a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1599a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1600a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1601a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1602a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1603a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1604a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1605a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1606a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1607a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume4\Windows\System32\devobj.dll
1608a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1609a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1610a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1611a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\devobj.dll'
1612a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1613a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1614a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1615a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)WinVerifyTrust
1616a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
1617a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1618a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1619a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1620a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1621a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1622a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1623a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1624a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1625a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1626a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1627a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1628a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1629a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1630a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
1631a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1632a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1633a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1634a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
1635a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1636a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1637a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1638a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1639a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)WinVerifyTrust
1640a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
1641a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1642a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1643a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1644a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1645a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1646a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1647a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1648a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1649a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1650a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1651a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1652a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1653a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1654a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1655a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
1656a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1657a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1658a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1659a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1660a78.660: supR3HardenedDllNotificationCallback: load 000007fee26d0000 LB 0x00873000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1661a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1662a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1663a78.660: supR3HardenedDllNotificationCallback: load 000007fee25b0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1664a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1665a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\glu32.dll
1666a78.660: supR3HardenedDllNotificationCallback: load 000007feeac90000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1667a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\glu32.dll
1668a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll
1669a78.660: supR3HardenedDllNotificationCallback: load 000007fee24b0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1670a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll
1671a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll
1672a78.660: supR3HardenedDllNotificationCallback: load 000007fef40f0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1673a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll
1674a78.660: supR3HardenedDllNotificationCallback: load 000007fefdc40000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1675a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
1676a78.660: supR3HardenedDllNotificationCallback: load 000007fefd6b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1677a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
1678a78.660: supR3HardenedDllNotificationCallback: load 000007feff6f0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1679a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1680a78.660: supR3HardenedDllNotificationCallback: load 000007fefe130000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1681a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1682a78.660: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1683a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
1684a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
1685a78.660: supR3HardenedDllNotificationCallback: load 000007fefb430000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1686a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
1687a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1688a78.660: supR3HardenedDllNotificationCallback: load 000000005f8e0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1689a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1690a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1691a78.660: supR3HardenedDllNotificationCallback: load 000000005d280000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1692a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1693a78.660: supR3HardenedDllNotificationCallback: load 000007fefd770000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1694a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1695a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1696a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1697a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1698a78.660: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll)
1699a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
1700a78.660: supR3HardenedDllNotificationCallback: load 000007fef9ed0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll [fFlags=0x0]
1701a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [avoiding WinVerifyTrust]
1702a78.660: supR3HardenedDllNotificationCallback: load 000007fefe960000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1703a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1704a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1705a78.660: supR3HardenedDllNotificationCallback: load 000007fefb0b0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1706a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1707a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winspool.drv
1708a78.660: supR3HardenedDllNotificationCallback: load 000007fefacb0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1709a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winspool.drv
1710a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1711a78.660: supR3HardenedDllNotificationCallback: load 0000000060e20000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1712a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1713a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1714a78.660: supR3HardenedDllNotificationCallback: load 0000000060d40000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1715a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1716a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
1717a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1718a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1719a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
1720a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'
1721a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1722a78.660: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'
1723a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
1724a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1725a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1726a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1727a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1728a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1729a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1730a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e9bc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1731a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'C:\Windows\system32\imm32.dll'
1732a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee26d0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1733a78.660: SUPR3HardenedMain: Calling TrustedMain (000007fee26d1ca0)...
1734a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1735a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1736a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0b0000 'C:\Windows\system32\winmm.dll'
1737a78.660: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll: Owner is administrators group.
1738a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000574 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1739a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1740a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1741a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=578AB85BF149ED25EA7FF460A4A5587C358F87A2
1742a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1743a78.660: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000006a5d40
1744a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1745a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=578AB85BF149ED25EA7FF460A4A5587C358F87A2
1746a78.660: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1747a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1748a78.660: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll)WinVerifyTrust
1749a78.660: Error (rc=0):
1750a78.660: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll: Not signed.
1751'\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' is most likely modified.
1752a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1753a78.660: Error (rc=0):
1754a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1755a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1756a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1757a78.660: Error (rc=0):
1758a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1759a78.660: Error (rc=0):
1760a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1761a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1762a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1763a78.660: Error (rc=0):
1764a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1765a78.660: Error (rc=0):
1766a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1767a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1768a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1769a78.660: Error (rc=0):
1770a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1771a78.660: Error (rc=0):
1772a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1773a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1774a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1775a78.660: Error (rc=0):
1776a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1777a78.660: Error (rc=0):
1778a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1779a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1780a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
1781a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1782a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd270000 'C:\Windows\system32\CRYPTBASE.dll'
1783a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1784a78.660: Error (rc=0):
1785a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1786a78.660: Error (rc=0):
1787a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1788a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1789a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1790a78.660: Error (rc=0):
1791a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1792a78.660: Error (rc=0):
1793a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1794a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1795a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1796a78.660: Error (rc=0):
1797a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1798a78.660: Error (rc=0):
1799a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1800a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1801a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1802a78.660: Error (rc=0):
1803a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1804a78.660: Error (rc=0):
1805a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1806a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1807a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1808a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1809a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe960000 'C:\Windows\system32\shell32.dll'
1810a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1811a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1812a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077440000 'C:\Windows\system32\kernel32.dll'
1813a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1814a78.660: Error (rc=0):
1815a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1816a78.660: Error (rc=0):
1817a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1818a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1819a78.660: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll)
1820a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1821a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1822a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077340000 'C:\Windows\system32\user32.dll'
1823a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077340000 'C:\Windows\system32\user32.dll'
1824a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\advapi32.dll'
1825a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
1826a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1827a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\userenv.dll'
1828a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1829a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1830a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077440000 'C:\Windows\system32\kernel32.dll'
1831a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume4\Windows\System32\clbcatq.dll
1832a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1833a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1834a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
1835a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
1836a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1837a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1838a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1839a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1840a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1841a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1842a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1843a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)WinVerifyTrust
1844a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
1845a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1846a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1847a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1848a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1849a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1850a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1851a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1852a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1853a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1854a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1855a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1856a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1857a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1858a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1859a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e97d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1860a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
1861a78.660: supR3HardenedDllNotificationCallback: load 000007fefdba0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
1862a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
1863a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\CLBCatQ.DLL'
1864a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1865a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e9f20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1866a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
1867a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
1868a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e9ce0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1869a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce00000 'C:\Windows\system32\CRYPTSP.dll'
1870a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c4 pwszName=\Device\HarddiskVolume4\Windows\System32\RpcRtRemote.dll
1871a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1872a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1873a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
1874a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\RpcRtRemote.dll'
1875a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1876a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1877a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
1878a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\RpcRtRemote.dll
1879a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1880a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1881a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e9ce0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1882a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\RpcRtRemote.dll
1883a78.660: supR3HardenedDllNotificationCallback: load 000007fefd320000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
1884a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\RpcRtRemote.dll
1885a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\RpcRtRemote.dll'
1886a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1887a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000074e990:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1888a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6f0000 'C:\Windows\system32\oleaut32.dll'
1889a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume4\Windows\System32\sxs.dll
1890a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1891a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1892a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
1893a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\sxs.dll'
1894a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1895a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)WinVerifyTrust
1896a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
1897a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006ea160:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1898a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sxs.dll
1899a78.660: supR3HardenedDllNotificationCallback: load 000007fefd280000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
1900a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sxs.dll
1901a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\SXS.DLL'
1902a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
1903a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1904a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006ea5e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1905a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6f0000 'C:\Windows\system32\OLEAUT32.dll'
1906a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe590000 'C:\Windows\system32\gdi32.dll'
1907a78.1684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1908a78.1684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1909a78.1684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1910a78.1684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1911a78.1684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1912a78.1684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1913a78.1684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
1914a78.1684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
1915a78.1684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1916a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1917a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1918a78.1684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1919a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1920a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1921a78.1684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1922a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1923a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1924a78.1684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1925a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1926a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1927a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1928a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1929a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1930a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1931a78.1684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1932a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1933a78.1684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1934a78.1684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000071b2a0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1935a78.1684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1936a78.1684: supR3HardenedDllNotificationCallback: load 000007fee17c0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1937a78.1684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1938a78.1684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee17c0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1939a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1940a78.660: Error (rc=0):
1941a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1942a78.660: Error (rc=0):
1943a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1944a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1945a78.660: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll)
1946a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1947a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1948a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077340000 'C:\Windows\system32\user32.dll'
1949a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1950a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006ea1f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1951a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe960000 'C:\Windows\system32\shell32.dll'
1952a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1953a78.660: Error (rc=0):
1954a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1955a78.660: Error (rc=0):
1956a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1957a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1958a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1959a78.660: Error (rc=0):
1960a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1961a78.660: Error (rc=0):
1962a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1963a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1964a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1965a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006ea1f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1966a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe130000 'C:\Windows\system32\ole32.dll'
1967a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1968a78.660: Error (rc=0):
1969a78.660: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1970a78.660: Error (rc=0):
1971a78.660: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
1972a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
1973a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1974a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004880:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1975a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe130000 'C:\Windows\system32\ole32.dll'
1976a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1977a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004880:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1978a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6f0000 'C:\Windows\system32\OLEAUT32.dll'
1979a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000924 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1980a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
1981a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
1982a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
1983a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
1984a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1985a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1986a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
1987a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1988a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1989a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1990a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
1991a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
1992a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1993a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1994a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1995a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1996a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1997a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1998a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1999a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2000a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2001a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2002a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2003a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2004a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000910 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2005a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
2006a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
2007a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2008a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
2009a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2010a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2011a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2012a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2013a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2014a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2015a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll)WinVerifyTrust
2016a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2017a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2018a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2019a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
2020a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2021a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2022a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2023a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2024a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2025a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2026a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2027a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2028a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2029a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2030a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2031a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000073ea90:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2032a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2033a78.660: supR3HardenedDllNotificationCallback: load 000007fef8dd0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2034a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2035a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2036a78.660: supR3HardenedDllNotificationCallback: load 000007fef8a30000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2037a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2038a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8dd0000 'C:\Windows\system32\wbem\wbemprox.dll'
2039a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000944 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2040a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
2041a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
2042a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2043a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
2044a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2045a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2046a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2047a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
2048a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2049a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2050a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2051a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2052a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2053a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000073ea90:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2054a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2055a78.660: supR3HardenedDllNotificationCallback: load 000007fef7fa0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2056a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2057a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7fa0000 'C:\Windows\system32\wbem\wbemsvc.dll'
2058a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000094c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2059a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
2060a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
2061a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2062a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
2063a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2064a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2065a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2066a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2067a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2068a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2069a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2070a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
2071a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2072a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2073a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2074a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000092c pwszName=\Device\HarddiskVolume4\Windows\System32\ntdsapi.dll
2075a78.660: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
2076a78.660: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
2077a78.660: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2078a78.660: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\ntdsapi.dll'
2079a78.660: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2080a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2081a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2082a78.660: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2083a78.660: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdsapi.dll)WinVerifyTrust
2084a78.660: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdsapi.dll
2085a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2086a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2087a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2088a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2089a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2090a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2091a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2092a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2093a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2094a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2095a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2096a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2097a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2098a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2099a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2100a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2101a78.660: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
2102a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2103a78.660: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2104a78.660: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000073ea90:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2105a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2106a78.660: supR3HardenedDllNotificationCallback: load 000007fef8810000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2107a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2108a78.660: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdsapi.dll
2109a78.660: supR3HardenedDllNotificationCallback: load 000007fef87e0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2110a78.660: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdsapi.dll
2111a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8810000 'C:\Windows\system32\wbem\fastprox.dll'
2112a78.660: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6f0000 'C:\Windows\system32\OLEAUT32.dll'
2113a78.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2114a78.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2115a78.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2116a78.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
2117a78.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2118a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2119a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2120a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2121a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2122a78.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2123a78.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2124a78.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2125a78.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
2126a78.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2127a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2128a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2129a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2130a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2131a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2132a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2133a78.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2134a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2135a78.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2136a78.1678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004910:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2137a78.1678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2138a78.1678: supR3HardenedDllNotificationCallback: load 000007fee1560000 LB 0x00260000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2139a78.1678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2140a78.1678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2141a78.1678: supR3HardenedDllNotificationCallback: load 0000000060c30000 LB 0x00109000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2142a78.1678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2143a78.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1560000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2144a78.578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2145a78.578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2146a78.578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2147a78.578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2148a78.578: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
2149a78.578: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2150a78.578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2151a78.578: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2152a78.578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
2153a78.578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2154a78.578: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2155a78.578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2156a78.578: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2157a78.578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2158a78.578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2159a78.578: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2160a78.578: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004910:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2161a78.578: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2162a78.578: supR3HardenedDllNotificationCallback: load 000007fefa8b0000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2163a78.578: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2164a78.578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2165a78.1430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2166a78.1430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2167a78.1430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
2168a78.1430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2169a78.1430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2170a78.1430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2171a78.1430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2172a78.1430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2173a78.1430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004910:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2174a78.1430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2175a78.1430: supR3HardenedDllNotificationCallback: load 000007feee310000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2176a78.1430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2177a78.1430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee310000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2178a78.bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2179a78.bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2180a78.bf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2181a78.bf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
2182a78.bf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2183a78.bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2184a78.bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2185a78.bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2186a78.bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2187a78.bf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
2188a78.bf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2189a78.bf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2190a78.bf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004910:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2191a78.bf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2192a78.bf0: supR3HardenedDllNotificationCallback: load 000007feead80000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2193a78.bf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2194a78.bf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2195a78.934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2196a78.934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2197a78.934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2198a78.934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
2199a78.934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2200a78.934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2201a78.934: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2202a78.934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2203a78.934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2204a78.934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
2205a78.934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2206a78.934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2207a78.934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004910:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2208a78.934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2209a78.934: supR3HardenedDllNotificationCallback: load 000007feeac50000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2210a78.934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2211a78.934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac50000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2212a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2213a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2214a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2215a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2216a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2217a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2218a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2219a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2220a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2221a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2222a78.458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
2223a78.458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2224a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2225a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2226a78.458: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2227a78.458: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
2228a78.458: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
2229a78.458: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2230a78.458: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL'
2231a78.458: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2232a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2233a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2234a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2235a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2236a78.458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
2237a78.458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2238a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2239a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2240a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2241a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2242a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2243a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2244a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2245a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2246a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2247a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2248a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2249a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2250a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2251a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2252a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2253a78.458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
2254a78.458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2255a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2256a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2257a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2258a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2259a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2260a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2261a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2262a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2263a78.458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
2264a78.458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2265a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2266a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2267a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2268a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2269a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2270a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2271a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2272a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2273a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2274a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2275a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2276a78.458: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b48 pwszName=\Device\HarddiskVolume4\Windows\System32\newdev.dll
2277a78.458: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
2278a78.458: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
2279a78.458: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
2280a78.458: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume4\Windows\System32\newdev.dll'
2281a78.458: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2282a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2283a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2284a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2285a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2286a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2287a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2288a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2289a78.458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\newdev.dll)WinVerifyTrust
2290a78.458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\newdev.dll
2291a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2292a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2293a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2294a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2295a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2296a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2297a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2298a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2299a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2300a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
2301a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2302a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2303a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2304a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2305a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2306a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2307a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2308a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2309a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2310a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2311a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2312a78.458: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b24 pwszName=\Device\HarddiskVolume4\Windows\System32\winnsi.dll
2313a78.458: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006a5d40
2314a78.458: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006a5d40
2315a78.458: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2316a78.458: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
2317a78.458: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2318a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2319a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2320a78.458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2321a78.458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)WinVerifyTrust
2322a78.458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
2323a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2324a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2325a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
2326a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2327a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2328a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2329a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2330a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
2331a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2332a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2333a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2334a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2335a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2336a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2337a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2338a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2339a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2340a78.458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
2341a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2342a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2343a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2344a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2345a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2346a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2347a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2348a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2349a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2350a78.458: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2351a78.458: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003004910:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2352a78.458: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2353a78.458: supR3HardenedDllNotificationCallback: load 000007fee0c90000 LB 0x008ca000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2354a78.458: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2355a78.458: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2356a78.458: supR3HardenedDllNotificationCallback: load 000007fee4650000 LB 0x0005f000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2357a78.458: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2358a78.458: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
2359a78.458: supR3HardenedDllNotificationCallback: load 000007fee5860000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
2360a78.458: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
2361a78.458: supR3HardenedDllNotificationCallback: Unload 000007fee0c90000 LB 0x008ca000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
2362a78.458: supR3HardenedDllNotificationCallback: Unload 000007fee4650000 LB 0x0005f000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
2363a78.458: supR3HardenedDllNotificationCallback: Unload 000007fee5860000 LB 0x00051000 C:\Windows\system32\newdev.dll [flags=0x0]
2364a78.458: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2365a78.1160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6f0000 'C:\Windows\system32\OLEAUT32.dll'
2366a78.934: supR3HardenedDllNotificationCallback: Unload 000007feeac50000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
2367a78.bf0: supR3HardenedDllNotificationCallback: Unload 000007feead80000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
2368a78.1430: supR3HardenedDllNotificationCallback: Unload 000007feee310000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
2369a78.578: supR3HardenedDllNotificationCallback: Unload 000007fefa8b0000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
2370a78.660: supR3HardenedDllNotificationCallback: Unload 000007fef8810000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
2371a78.660: supR3HardenedDllNotificationCallback: Unload 000007fef87e0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
2372a78.660: supR3HardenedDllNotificationCallback: Unload 000007fef7fa0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
2373a78.660: supR3HardenedDllNotificationCallback: Unload 000007fef8dd0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
2374a78.660: supR3HardenedDllNotificationCallback: Unload 000007fef8a30000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
2375a78.660: supR3HardenedDllNotificationCallback: Unload 000007fee17c0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
2376a78.660: Terminating the normal way: rcExit=0
2377da4.15f8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2586 ms, the end);
2378364.17f0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2920 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy