VirtualBox

Ticket #14105: VBoxStartup.log

File VBoxStartup.log, 415.0 KB (added by theblackwidower, 9 years ago)
Line 
11e08.2044: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
21e08.2044: \SystemRoot\System32\ntdll.dll:
31e08.2044: CreationTime: 2015-04-15T14:45:54.472791400Z
41e08.2044: LastWriteTime: 2015-03-17T05:19:37.641771700Z
51e08.2044: ChangeTime: 2015-04-15T16:06:46.885223000Z
61e08.2044: FileAttributes: 0x20
71e08.2044: Size: 0x1a5da0
81e08.2044: NT Headers: 0xe0
91e08.2044: Timestamp: 0x5507b864
101e08.2044: Machine: 0x8664 - amd64
111e08.2044: Timestamp: 0x5507b864
121e08.2044: Image Version: 6.1
131e08.2044: SizeOfImage: 0x1a8000 (1736704)
141e08.2044: Resource Dir: 0x14c000 LB 0x5a028
151e08.2044: ProductName: Microsoft® Windows® Operating System
161e08.2044: ProductVersion: 6.1.7601.18798
171e08.2044: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
181e08.2044: FileDescription: NT Layer DLL
191e08.2044: \SystemRoot\System32\kernel32.dll:
201e08.2044: CreationTime: 2015-04-15T14:45:54.317791100Z
211e08.2044: LastWriteTime: 2015-03-17T05:16:34.921000000Z
221e08.2044: ChangeTime: 2015-04-15T16:06:46.994423200Z
231e08.2044: FileAttributes: 0x20
241e08.2044: Size: 0x11c000
251e08.2044: NT Headers: 0xe8
261e08.2044: Timestamp: 0x5507b879
271e08.2044: Machine: 0x8664 - amd64
281e08.2044: Timestamp: 0x5507b879
291e08.2044: Image Version: 6.1
301e08.2044: SizeOfImage: 0x11f000 (1175552)
311e08.2044: Resource Dir: 0x116000 LB 0x528
321e08.2044: ProductName: Microsoft® Windows® Operating System
331e08.2044: ProductVersion: 6.1.7601.18798
341e08.2044: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
351e08.2044: FileDescription: Windows NT BASE API Client DLL
361e08.2044: \SystemRoot\System32\KernelBase.dll:
371e08.2044: CreationTime: 2015-04-15T14:45:54.362791200Z
381e08.2044: LastWriteTime: 2015-03-17T05:16:34.921000000Z
391e08.2044: ChangeTime: 2015-04-15T16:06:46.994423200Z
401e08.2044: FileAttributes: 0x20
411e08.2044: Size: 0x67a00
421e08.2044: NT Headers: 0xe8
431e08.2044: Timestamp: 0x5507b87a
441e08.2044: Machine: 0x8664 - amd64
451e08.2044: Timestamp: 0x5507b87a
461e08.2044: Image Version: 6.1
471e08.2044: SizeOfImage: 0x6c000 (442368)
481e08.2044: Resource Dir: 0x6a000 LB 0x530
491e08.2044: ProductName: Microsoft® Windows® Operating System
501e08.2044: ProductVersion: 6.1.7601.18798
511e08.2044: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
521e08.2044: FileDescription: Windows NT BASE API Client DLL
531e08.2044: \SystemRoot\System32\apisetschema.dll:
541e08.2044: CreationTime: 2015-04-15T14:45:51.332787000Z
551e08.2044: LastWriteTime: 2015-03-17T05:11:07.952000000Z
561e08.2044: ChangeTime: 2015-04-15T16:06:46.885223000Z
571e08.2044: FileAttributes: 0x20
581e08.2044: Size: 0x1a00
591e08.2044: NT Headers: 0xc0
601e08.2044: Timestamp: 0x5507b7b1
611e08.2044: Machine: 0x8664 - amd64
621e08.2044: Timestamp: 0x5507b7b1
631e08.2044: Image Version: 6.1
641e08.2044: SizeOfImage: 0x50000 (327680)
651e08.2044: Resource Dir: 0x30000 LB 0x3f8
661e08.2044: ProductName: Microsoft® Windows® Operating System
671e08.2044: ProductVersion: 6.1.7601.18798
681e08.2044: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
691e08.2044: FileDescription: ApiSet Schema DLL
701e08.2044: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711e08.2044: supR3HardenedWinFindAdversaries: 0x0
721e08.2044: Calling main()
731e08.2044: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
741e08.2044: SUPR3HardenedMain: Respawn #1
751e08.2044: System32: \Device\HarddiskVolume2\Windows\System32
761e08.2044: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
771e08.2044: KnownDllPath: C:\windows\system32
781e08.2044: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
791e08.2044: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
801e08.2044: supR3HardNtEnableThreadCreation:
811e08.2044: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779ab690 pvNtTerminateThread=00000000779ce100
821e08.2044: supR3HardenedWinDoReSpawn(1): New child 2078.1350 [kernel32].
831e08.2044: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
841e08.2044: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077980000 uNtDllChildAddr=0000000077980000
851e08.2044: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779ab690
861e08.2044: supR3HardenedWinSetupChildInit: Start child.
871e08.2044: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 3 ms.
881e08.2044: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 26 sleeps
891e08.2044: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
901e08.2044: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
911e08.2044: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
921e08.2044: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
931e08.2044: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
941e08.2044: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
951e08.2044: 0000000000041000-fffffffffff71fff 0x0001/0x0000 0x0000000
961e08.2044: *0000000000110000-0000000000013fff 0x0000/0x0004 0x0020000
971e08.2044: 000000000020c000-0000000000208fff 0x0104/0x0004 0x0020000
981e08.2044: 000000000020f000-000000000020dfff 0x0004/0x0004 0x0020000
991e08.2044: 0000000000210000-ffffffff88a9ffff 0x0001/0x0000 0x0000000
1001e08.2044: *0000000077980000-000000007797efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1011e08.2044: 0000000077981000-0000000077883fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1021e08.2044: 0000000077a7e000-0000000077a4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1031e08.2044: 0000000077aad000-0000000077aa4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1041e08.2044: 0000000077ab5000-0000000077ab3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1051e08.2044: 0000000077ab6000-0000000077ab2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1061e08.2044: 0000000077ab9000-0000000077a49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1071e08.2044: 0000000077b28000-000000007066ffff 0x0001/0x0000 0x0000000
1081e08.2044: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1091e08.2044: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1101e08.2044: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1111e08.2044: 000000007fff0000-ffffffffc009ffff 0x0001/0x0000 0x0000000
1121e08.2044: *000000013ff40000-000000013ff3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1131e08.2044: 000000013ff41000-000000013febcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1141e08.2044: 000000013ffc5000-000000013ffc3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1151e08.2044: 000000013ffc6000-000000013ff88fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1161e08.2044: 0000000140003000-0000000140001fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1171e08.2044: 0000000140004000-0000000140002fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1181e08.2044: 0000000140005000-0000000140002fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1191e08.2044: 0000000140007000-0000000140005fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1201e08.2044: 0000000140008000-0000000140006fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1211e08.2044: 0000000140009000-0000000140004fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1221e08.2044: 000000014000d000-000000013ffd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1231e08.2044: 0000000140046000-fffff803803ebfff 0x0001/0x0000 0x0000000
1241e08.2044: *000007feffca0000-000007feffc9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1251e08.2044: 000007feffca1000-000007fdff991fff 0x0001/0x0000 0x0000000
1261e08.2044: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1271e08.2044: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
1281e08.2044: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
1291e08.2044: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1301e08.2044: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1311e08.2044: apisetschema.dll: timestamp 0x5507b7b1 (rc=VINF_SUCCESS)
1321e08.2044: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
1331e08.2044: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1341e08.2044: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1351e08.2044: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1361e08.2044: supR3HardNtChildPurify: Done after 305 ms and 0 fixes (loop #0).
1372078.1350: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
1382078.1350: supR3HardenedVmProcessInit: uNtDllAddr=0000000077980000
1392078.1350: ntdll.dll: timestamp 0x5507b864 (rc=VINF_SUCCESS)
1402078.1350: New simple heap: #1 0000000000310000 LB 0x400000 (for 1736704 allocation)
1411e08.2044: supR3HardNtEnableThreadCreation:
1422078.1350: System32: \Device\HarddiskVolume2\Windows\System32
1432078.1350: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1442078.1350: KnownDllPath: C:\windows\system32
1452078.1350: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1462078.1350: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1472078.1350: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1482078.1350: Registered Dll notification callback with NTDLL.
1492078.1350: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1502078.1350: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1512078.1350: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1522078.1350: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1532078.1350: supR3HardenedDllNotificationCallback: load 0000000077760000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
1542078.1350: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1552078.1350: supR3HardenedDllNotificationCallback: load 000007fefd9c0000 LB 0x0006c000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
1562078.1350: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1572078.1350: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1582078.1350: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077760000 'C:\windows\system32\kernel32.dll'
1592078.1350: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779ab690 pvNtTerminateThread=00000000779ce100
1601e08.2044: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 30 ms.
1612078.1350: \SystemRoot\System32\ntdll.dll:
1622078.1350: CreationTime: 2015-04-15T14:45:54.472791400Z
1632078.1350: LastWriteTime: 2015-03-17T05:19:37.641771700Z
1642078.1350: ChangeTime: 2015-04-15T16:06:46.885223000Z
1652078.1350: FileAttributes: 0x20
1662078.1350: Size: 0x1a5da0
1672078.1350: NT Headers: 0xe0
1682078.1350: Timestamp: 0x5507b864
1692078.1350: Machine: 0x8664 - amd64
1702078.1350: Timestamp: 0x5507b864
1712078.1350: Image Version: 6.1
1722078.1350: SizeOfImage: 0x1a8000 (1736704)
1732078.1350: Resource Dir: 0x14c000 LB 0x5a028
1742078.1350: ProductName: Microsoft® Windows® Operating System
1752078.1350: ProductVersion: 6.1.7601.18798
1762078.1350: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
1772078.1350: FileDescription: NT Layer DLL
1782078.1350: \SystemRoot\System32\kernel32.dll:
1792078.1350: CreationTime: 2015-04-15T14:45:54.317791100Z
1802078.1350: LastWriteTime: 2015-03-17T05:16:34.921000000Z
1812078.1350: ChangeTime: 2015-04-15T16:06:46.994423200Z
1822078.1350: FileAttributes: 0x20
1832078.1350: Size: 0x11c000
1842078.1350: NT Headers: 0xe8
1852078.1350: Timestamp: 0x5507b879
1862078.1350: Machine: 0x8664 - amd64
1872078.1350: Timestamp: 0x5507b879
1882078.1350: Image Version: 6.1
1892078.1350: SizeOfImage: 0x11f000 (1175552)
1902078.1350: Resource Dir: 0x116000 LB 0x528
1912078.1350: ProductName: Microsoft® Windows® Operating System
1922078.1350: ProductVersion: 6.1.7601.18798
1932078.1350: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
1942078.1350: FileDescription: Windows NT BASE API Client DLL
1952078.1350: \SystemRoot\System32\KernelBase.dll:
1962078.1350: CreationTime: 2015-04-15T14:45:54.362791200Z
1972078.1350: LastWriteTime: 2015-03-17T05:16:34.921000000Z
1982078.1350: ChangeTime: 2015-04-15T16:06:46.994423200Z
1992078.1350: FileAttributes: 0x20
2002078.1350: Size: 0x67a00
2012078.1350: NT Headers: 0xe8
2022078.1350: Timestamp: 0x5507b87a
2032078.1350: Machine: 0x8664 - amd64
2042078.1350: Timestamp: 0x5507b87a
2052078.1350: Image Version: 6.1
2062078.1350: SizeOfImage: 0x6c000 (442368)
2072078.1350: Resource Dir: 0x6a000 LB 0x530
2082078.1350: ProductName: Microsoft® Windows® Operating System
2092078.1350: ProductVersion: 6.1.7601.18798
2102078.1350: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
2112078.1350: FileDescription: Windows NT BASE API Client DLL
2122078.1350: \SystemRoot\System32\apisetschema.dll:
2132078.1350: CreationTime: 2015-04-15T14:45:51.332787000Z
2142078.1350: LastWriteTime: 2015-03-17T05:11:07.952000000Z
2152078.1350: ChangeTime: 2015-04-15T16:06:46.885223000Z
2162078.1350: FileAttributes: 0x20
2172078.1350: Size: 0x1a00
2182078.1350: NT Headers: 0xc0
2192078.1350: Timestamp: 0x5507b7b1
2202078.1350: Machine: 0x8664 - amd64
2212078.1350: Timestamp: 0x5507b7b1
2222078.1350: Image Version: 6.1
2232078.1350: SizeOfImage: 0x50000 (327680)
2242078.1350: Resource Dir: 0x30000 LB 0x3f8
2252078.1350: ProductName: Microsoft® Windows® Operating System
2262078.1350: ProductVersion: 6.1.7601.18798
2272078.1350: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
2282078.1350: FileDescription: ApiSet Schema DLL
2292078.1350: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2302078.1350: supR3HardenedWinFindAdversaries: 0x0
2312078.1350: Calling main()
2322078.1350: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2332078.1350: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2342078.1350: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2352078.1350: SUPR3HardenedMain: Respawn #2
2362078.1350: supR3HardNtEnableThreadCreation:
2372078.1350: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2382078.1350: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2392078.1350: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2402078.1350: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2412078.1350: supR3HardenedDllNotificationCallback: load 000007fefd580000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
2422078.1350: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2432078.1350: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd580000 'C:\windows\system32\apphelp.dll'
2442078.1350: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779ab690 pvNtTerminateThread=00000000779ce100
2452078.1350: supR3HardenedWinDoReSpawn(2): New child 113c.16c4 [kernel32].
2462078.1350: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380
2472078.1350: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077980000 uNtDllChildAddr=0000000077980000
2482078.1350: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779ab690
2492078.1350: supR3HardenedWinSetupChildInit: Start child.
2502078.1350: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2512078.1350: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 31 sleeps
2522078.1350: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2532078.1350: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
2542078.1350: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
2552078.1350: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
2562078.1350: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
2572078.1350: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
2582078.1350: 0000000000041000-ffffffffffef1fff 0x0001/0x0000 0x0000000
2592078.1350: *0000000000190000-0000000000093fff 0x0000/0x0004 0x0020000
2602078.1350: 000000000028c000-0000000000288fff 0x0104/0x0004 0x0020000
2612078.1350: 000000000028f000-000000000028dfff 0x0004/0x0004 0x0020000
2622078.1350: 0000000000290000-ffffffff88b9ffff 0x0001/0x0000 0x0000000
2632078.1350: *0000000077980000-000000007797efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2642078.1350: 0000000077981000-0000000077883fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2652078.1350: 0000000077a7e000-0000000077a4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2662078.1350: 0000000077aad000-0000000077aa4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2672078.1350: 0000000077ab5000-0000000077ab3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2682078.1350: 0000000077ab6000-0000000077ab2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2692078.1350: 0000000077ab9000-0000000077a49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2702078.1350: 0000000077b28000-000000007066ffff 0x0001/0x0000 0x0000000
2712078.1350: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
2722078.1350: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2732078.1350: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2742078.1350: 000000007fff0000-ffffffffc009ffff 0x0001/0x0000 0x0000000
2752078.1350: *000000013ff40000-000000013ff3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2762078.1350: 000000013ff41000-000000013febcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2772078.1350: 000000013ffc5000-000000013ffc3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2782078.1350: 000000013ffc6000-000000013ff88fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2792078.1350: 0000000140003000-0000000140001fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2802078.1350: 0000000140004000-0000000140002fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2812078.1350: 0000000140005000-0000000140002fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2822078.1350: 0000000140007000-0000000140005fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2832078.1350: 0000000140008000-0000000140006fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2842078.1350: 0000000140009000-0000000140004fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2852078.1350: 000000014000d000-000000013ffd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2862078.1350: 0000000140046000-fffff803803ebfff 0x0001/0x0000 0x0000000
2872078.1350: *000007feffca0000-000007feffc9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2882078.1350: 000007feffca1000-000007fdff991fff 0x0001/0x0000 0x0000000
2892078.1350: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
2902078.1350: 000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
2912078.1350: *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
2922078.1350: 000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
2932078.1350: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
2942078.1350: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2952078.1350: apisetschema.dll: timestamp 0x5507b7b1 (rc=VINF_SUCCESS)
2962078.1350: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
2972078.1350: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2982078.1350: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2992078.1350: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3002078.1350: supR3HardNtChildPurify: Done after 300 ms and 0 fixes (loop #0).
301113c.16c4: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
302113c.16c4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077980000
303113c.16c4: ntdll.dll: timestamp 0x5507b864 (rc=VINF_SUCCESS)
304113c.16c4: New simple heap: #1 0000000000290000 LB 0x400000 (for 1736704 allocation)
3052078.1350: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
3062078.1350: supR3HardNtEnableThreadCreation:
307113c.16c4: System32: \Device\HarddiskVolume2\Windows\System32
308113c.16c4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
309113c.16c4: KnownDllPath: C:\windows\system32
310113c.16c4: supR3HardenedVmProcessInit: Opening vboxdrv...
311113c.16c4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
312113c.16c4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
313113c.16c4: Registered Dll notification callback with NTDLL.
314113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
315113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
316113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
317113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
318113c.16c4: supR3HardenedDllNotificationCallback: load 0000000077760000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
319113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
320113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd9c0000 LB 0x0006c000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
321113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
322113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
323113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077760000 'C:\windows\system32\kernel32.dll'
324113c.16c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779ab690 pvNtTerminateThread=00000000779ce100
3252078.1350: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 34 ms.
326113c.16c4: \SystemRoot\System32\ntdll.dll:
327113c.16c4: CreationTime: 2015-04-15T14:45:54.472791400Z
328113c.16c4: LastWriteTime: 2015-03-17T05:19:37.641771700Z
329113c.16c4: ChangeTime: 2015-04-15T16:06:46.885223000Z
330113c.16c4: FileAttributes: 0x20
331113c.16c4: Size: 0x1a5da0
332113c.16c4: NT Headers: 0xe0
333113c.16c4: Timestamp: 0x5507b864
334113c.16c4: Machine: 0x8664 - amd64
335113c.16c4: Timestamp: 0x5507b864
336113c.16c4: Image Version: 6.1
337113c.16c4: SizeOfImage: 0x1a8000 (1736704)
338113c.16c4: Resource Dir: 0x14c000 LB 0x5a028
339113c.16c4: ProductName: Microsoft® Windows® Operating System
340113c.16c4: ProductVersion: 6.1.7601.18798
341113c.16c4: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
342113c.16c4: FileDescription: NT Layer DLL
343113c.16c4: \SystemRoot\System32\kernel32.dll:
344113c.16c4: CreationTime: 2015-04-15T14:45:54.317791100Z
345113c.16c4: LastWriteTime: 2015-03-17T05:16:34.921000000Z
346113c.16c4: ChangeTime: 2015-04-15T16:06:46.994423200Z
347113c.16c4: FileAttributes: 0x20
348113c.16c4: Size: 0x11c000
349113c.16c4: NT Headers: 0xe8
350113c.16c4: Timestamp: 0x5507b879
351113c.16c4: Machine: 0x8664 - amd64
352113c.16c4: Timestamp: 0x5507b879
353113c.16c4: Image Version: 6.1
354113c.16c4: SizeOfImage: 0x11f000 (1175552)
355113c.16c4: Resource Dir: 0x116000 LB 0x528
356113c.16c4: ProductName: Microsoft® Windows® Operating System
357113c.16c4: ProductVersion: 6.1.7601.18798
358113c.16c4: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
359113c.16c4: FileDescription: Windows NT BASE API Client DLL
360113c.16c4: \SystemRoot\System32\KernelBase.dll:
361113c.16c4: CreationTime: 2015-04-15T14:45:54.362791200Z
362113c.16c4: LastWriteTime: 2015-03-17T05:16:34.921000000Z
363113c.16c4: ChangeTime: 2015-04-15T16:06:46.994423200Z
364113c.16c4: FileAttributes: 0x20
365113c.16c4: Size: 0x67a00
366113c.16c4: NT Headers: 0xe8
367113c.16c4: Timestamp: 0x5507b87a
368113c.16c4: Machine: 0x8664 - amd64
369113c.16c4: Timestamp: 0x5507b87a
370113c.16c4: Image Version: 6.1
371113c.16c4: SizeOfImage: 0x6c000 (442368)
372113c.16c4: Resource Dir: 0x6a000 LB 0x530
373113c.16c4: ProductName: Microsoft® Windows® Operating System
374113c.16c4: ProductVersion: 6.1.7601.18798
375113c.16c4: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
376113c.16c4: FileDescription: Windows NT BASE API Client DLL
377113c.16c4: \SystemRoot\System32\apisetschema.dll:
378113c.16c4: CreationTime: 2015-04-15T14:45:51.332787000Z
379113c.16c4: LastWriteTime: 2015-03-17T05:11:07.952000000Z
380113c.16c4: ChangeTime: 2015-04-15T16:06:46.885223000Z
381113c.16c4: FileAttributes: 0x20
382113c.16c4: Size: 0x1a00
383113c.16c4: NT Headers: 0xc0
384113c.16c4: Timestamp: 0x5507b7b1
385113c.16c4: Machine: 0x8664 - amd64
386113c.16c4: Timestamp: 0x5507b7b1
387113c.16c4: Image Version: 6.1
388113c.16c4: SizeOfImage: 0x50000 (327680)
389113c.16c4: Resource Dir: 0x30000 LB 0x3f8
390113c.16c4: ProductName: Microsoft® Windows® Operating System
391113c.16c4: ProductVersion: 6.1.7601.18798
392113c.16c4: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
393113c.16c4: FileDescription: ApiSet Schema DLL
394113c.16c4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
395113c.16c4: supR3HardenedWinFindAdversaries: 0x0
396113c.16c4: Calling main()
397113c.16c4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
398113c.16c4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
399113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
400113c.16c4: SUPR3HardenedMain: Final process, opening VBoxDrv...
401113c.16c4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
402113c.16c4: supR3HardNtEnableThreadCreation:
403113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
404113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
405113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714e70:C:\windows\system32 [calling]
406113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
407113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefaa30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
408113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
409113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
410113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
411113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
412113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
413113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
414113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
415113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
416113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
417113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
418113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
419113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
420113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
421113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
422113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
423113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
424113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
425113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
426113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
427113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
428113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
429113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
430113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
431113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
432113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
433113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
434113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
435113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
436113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
437113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
438113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
439113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
440113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
441113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
442113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
443113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
444113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
445113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
446113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714e70:C:\windows\system32 [calling]
447113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
448113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd950000 LB 0x0003b000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
449113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
450113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefdb00000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
451113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
452113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd7c0000 LB 0x0016d000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
453113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
454113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd750000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
455113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
456113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefdfc0000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
457113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
458113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd950000 'C:\windows\system32\Wintrust.dll'
459113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
460113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
461113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
462113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
463113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefcf80000 LB 0x00018000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0]
464113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
465113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\windows\system32\CRYPTSP.dll'
466113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
467113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
468113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
469113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
470113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
471113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
472113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
473113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
474113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefcc80000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
475113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
476113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\windows\system32\rsaenh.dll'
477113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
478113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
479113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
480113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
481113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
482113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
483113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
484113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
485113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
486113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
487113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
488113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
489113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefde10000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
490113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
491113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
492113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
493113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
494113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
495113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefe0f0000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
496113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
497113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\windows\system32\ADVAPI32.dll'
498113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
499113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
500113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
501113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
502113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
503113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
504113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
505113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
506113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
507113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
508113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd5e0000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0]
509113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
510113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\windows\system32\CRYPTBASE.dll'
511113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
512113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
513113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077760000 'C:\windows\system32\kernel32.dll'
514113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
515113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
516113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd950000 'C:\windows\system32\WINTRUST.DLL'
517113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
518113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
519113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\windows\system32\CRYPT32.dll'
520113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
521113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
522113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
523113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
524113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
525113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
526113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
527113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
528113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
529113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
530113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
531113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
532113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefe1b0000 LB 0x00019000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
533113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
534113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1b0000 'C:\windows\system32\imagehlp.dll'
535113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
536113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
537113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\windows\system32\CRYPTSP.dll'
538113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
539113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
540113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
541113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
542113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
543113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
544113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
545113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
546113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
547113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
548113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
549113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
550113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
551113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
552113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
553113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
554113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
555113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
556113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
557113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
558113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
559113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
560113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
561113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
562113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
563113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
564113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
565113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
566113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
567113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
568113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
569113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
570113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
571113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
572113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
573113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
574113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
575113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
576113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
577113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
578113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
579113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
580113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
581113c.16c4: supR3HardenedDllNotificationCallback: load 0000000077880000 LB 0x000fa000 C:\windows\system32\USER32.dll [fFlags=0x0]
582113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
583113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefdc00000 LB 0x00067000 C:\windows\system32\GDI32.dll [fFlags=0x0]
584113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
585113c.16c4: supR3HardenedDllNotificationCallback: load 000007feff910000 LB 0x0000e000 C:\windows\system32\LPK.dll [fFlags=0x0]
586113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
587113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefe270000 LB 0x000c9000 C:\windows\system32\USP10.dll [fFlags=0x0]
588113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
589113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
590113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
591113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc00000 'C:\windows\system32\gdi32.dll'
592113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
593113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
594113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
595113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
596113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
597113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
598113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
599113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
600113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
601113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
602113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
603113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
604113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
605113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
606113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
607113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
608113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
609113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
610113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
611113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
612113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
613113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
614113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
615113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
616113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
617113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
618113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
619113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
620113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
621113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
622113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
623113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
624113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
625113c.16c4: supR3HardenedDllNotificationCallback: load 000007feffa00000 LB 0x0002e000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
626113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
627113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefe590000 LB 0x00109000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
628113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
629113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa00000 'C:\windows\system32\IMM32.DLL'
630113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'C:\windows\system32\USER32.dll'
631113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
632113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
633113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
634113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
635113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
636113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
637113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
638113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
639113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
640113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
641113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
642113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
643113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
644113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
645113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
646113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
647113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
648113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd100000 LB 0x00050000 C:\windows\system32\ncrypt.dll [fFlags=0x0]
649113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
650113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
651113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd0d0000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
652113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
653113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\windows\system32\ncrypt.dll'
654113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
655113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
656113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
657113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
658113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
659113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
660113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
661113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
662113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
663113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
664113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
665113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
666113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefcbc0000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
667113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
668113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbc0000 'C:\windows\system32\bcryptprimitives.dll'
669113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
670113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
671113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\windows\system32\bcrypt.dll'
672113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
673113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
674113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
675113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
676113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
677113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
678113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
679113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
680113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
681113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
682113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
683113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
684113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
685113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
686113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
687113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
688113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
689113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
690113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
691113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
692113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
693113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd9a0000 LB 0x0001e000 C:\windows\system32\USERENV.dll [fFlags=0x0]
694113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
695113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd740000 LB 0x0000f000 C:\windows\system32\profapi.dll [fFlags=0x0]
696113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
697113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9a0000 'C:\windows\system32\USERENV.dll'
698113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
699113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
700113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
701113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
702113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
703113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
704113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
705113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
706113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
707113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
708113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
709113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
710113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
711113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
712113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
713113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
714113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefc9f0000 LB 0x0001b000 C:\windows\system32\GPAPI.dll [fFlags=0x0]
715113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
716113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9f0000 'C:\windows\system32\GPAPI.dll'
717113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
718113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
719113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
720113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
721113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdfc0000 'C:\windows\system32\rpcrt4.dll'
722113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
723113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
724113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
725113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
726113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
727113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
728113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
729113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
730113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
731113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
732113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
733113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
734113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
735113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
736113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
737113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
738113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
739113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
740113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
741113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
742113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
743113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
744113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
745113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
746113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
747113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
748113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
749113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
750113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
751113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef8fd0000 LB 0x00027000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
752113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
753113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefdba0000 LB 0x00052000 C:\windows\system32\WLDAP32.dll [fFlags=0x0]
754113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
755113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
756113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
757113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
758113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
759113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
760113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
761113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
762113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
763113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
764113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
765113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
766113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
767113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
769113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
770113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
772113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
773113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
774113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
775113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
776113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
777113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
778113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
779113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
780113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
781113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
783113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
784113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
786113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
787113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
788113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
789113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
790113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd740000 'C:\windows\system32\profapi.dll'
791113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
792113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
793113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
794113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
795113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
796113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
797113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
798113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
799113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
800113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
801113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
802113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
803113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
804113c.16c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
805113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
806113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
807113c.16c4: supR3HardenedDllNotificationCallback: load 000007feffa30000 LB 0x00071000 C:\windows\system32\SHLWAPI.dll [fFlags=0x0]
808113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
809113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa30000 'C:\windows\system32\SHLWAPI.dll'
810113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
811113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002be7390
812113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
813113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0CF27465443C34B4834B9578EF0D5E85CCDCA8FB
814113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
815113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
816113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
817113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
818113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
819113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
820113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
821113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
822113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\windows\system32\ADVAPI32.dll'
823113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
824113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
825113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
826113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
827113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
828113c.16c4: g_pfnWinVerifyTrust=000007fefd951010
829113c.16c4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
830113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
831113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
832113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
833113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B757256DD06374F77FF8DC61E1FEC0E93F3DF2F3
834113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_192_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
835113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
836113c.16c4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
837113c.16c4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
838113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
839113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
840113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
841113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9D66460DAFA96F2CF96829A002753DECB7ED7CF
842113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
843113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
844113c.16c4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
845113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b8 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
846113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
847113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
848113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
849113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
850113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
851113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
852113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
853113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
854113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
855113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
856113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
857113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
858113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
859113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
860113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
861113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
862113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2545617940C2A353D1E2B307B3C55DF27B1EEBE9
863113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
864113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
865113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
866113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000268 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
867113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
868113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
869113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
870113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
871113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
872113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
873113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
874113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
875113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
876113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
877113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
878113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
879113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
880113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
881113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
882113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
883113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
884113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
885113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
886113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
887113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
888113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
889113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
890113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
891113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
892113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
893113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
894113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
895113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
896113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
897113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
898113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F11FC56A83EE70C3BF8B3C8B0314EB87575055B
899113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
900113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
901113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
902113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
903113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
904113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
905113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
906113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
907113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
908113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
909113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
910113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
911113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
912113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
913113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
914113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
915113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
916113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
917113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
918113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
919113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
920113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
921113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
922113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
923113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
924113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
925113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
926113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9BD2F77F6F16827206A18B4C9CB5FCFA62A60CF
927113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
928113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
929113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
930113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
931113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
932113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
933113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1707E74860DCBF0241835EF4A1E7C39B40ED3ACA
934113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3046306~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
935113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
936113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
937113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
938113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
939113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
940113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
941113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
942113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
943113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
944113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
945113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
946113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
947113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
948113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
949113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
950113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
951113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
952113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
953113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
954113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
955113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
956113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
957113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
958113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
959113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
960113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
961113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
962113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
963113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
964113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
965113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
966113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
967113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
968113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
969113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
970113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
971113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
972113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
973113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
974113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
975113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
976113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
977113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
978113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
979113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
980113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
981113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
982113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
983113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
984113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
985113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
986113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
987113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
988113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
989113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
990113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
991113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
992113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
993113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
994113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
995113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
996113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
997113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
998113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
999113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1000113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1001113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1002113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1003113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1004113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1005113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2703E04E5F64FCA33765E53C5EB160799413C2FA
1006113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1007113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1008113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1009113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1010113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1011113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1012113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39F531406FFFC9A8725E241096C684DBB516132
1013113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1014113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1015113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1016113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1017113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c682e0:C:\windows\system32 [calling]
1018113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\windows\system32\crypt32.dll'
1019113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1020113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1021113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1022113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1023113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1024113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1025113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1026113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1027113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
1028113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1029113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1030113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1031113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1032113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1033113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1034113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1035113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1036113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1037113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
1038113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1039113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1040113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1041113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1042113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1043113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1044113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1045113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1046113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1047113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1048113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1049113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1050113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1051113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1052113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1053113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1054113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1055113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1056113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
1057113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1058113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1059113c.16c4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1060113c.16c4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=41
1061113c.16c4: SUPR3HardenedMain: Load Runtime...
1062113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1063113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1064113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1065113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1066113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1067113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1068113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1069113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1070113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1071113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1072113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1073113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1074113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1075113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1076113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1077113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1078113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1079113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1080113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1081113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1082113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1083113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1084113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1085113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1086113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1087113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1088113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1089113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1090113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1091113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1092113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1093113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1094113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1095113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1096113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1097113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1098113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1099113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1100113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1101113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1102113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1103113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1104113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
1105113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1106113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1107113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1108113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1109113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1110113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1111113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1112113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1113113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1114113c.16c4: supR3HardenedDllNotificationCallback: load 000007fee1190000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1115113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1116113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1117113c.16c4: supR3HardenedDllNotificationCallback: load 000000005cab0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1118113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1119113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1120113c.16c4: supR3HardenedDllNotificationCallback: load 000000005ca10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1121113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1122113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefdf70000 LB 0x0004d000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
1123113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1124113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefde00000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
1125113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1126113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1127113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
1128113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1129113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1130113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
1131113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1132113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1133113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
1134113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1135113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1136113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
1137113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1138113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1139113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
1140113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1141113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1142113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
1143113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1144113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1145113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1147113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1148113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1149113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1150113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1151113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1152113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
1153113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1154113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1157113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1158113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1159113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1160113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1161113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1162113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1163113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1164113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1166113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1169113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1170113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000715bd0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Micro Focus\Net Express 5.1\Packages;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Nmap [calling]
1171113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1172113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1174113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1175113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1176113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c6a560:C:\windows\system32 [calling]
1177113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd950000 'C:\windows\system32\Wintrust.dll'
1178113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1179113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c6a560:C:\windows\system32 [calling]
1180113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\windows\system32\crypt32.dll'
1181113c.16c4: SUPR3HardenedMain: Load TrustedMain...
1182113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1183113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1184113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1185113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1186113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1187113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1188113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1189113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1190113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1191113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1192113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1193113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1194113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1195113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1196113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1197113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1198113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1199113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1200113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1201113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1202113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1203113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1204113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1205113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1206113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1207113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1208113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1209113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1210113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1211113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1212113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1213113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1214113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1215113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1216113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1217113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1218113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1219113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1220113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1221113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1222113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1223113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1224113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1225113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1226113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1227113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1228113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1229113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1230113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1231113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1232113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1233113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1234113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1235113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1236113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1237113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1238113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1239113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1240113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1241113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1242113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1243113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1244113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1245113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1246113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1247113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1248113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1249113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1250113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1251113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1252113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1253113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1254113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1255113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1256113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1257113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1258113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1259113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1260113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1261113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1262113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ED534A13973A0F8A98CD4EDC6CBC56E0448E994
1263113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3039066~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1264113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1265113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1266113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1267113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1268113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1269113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
1270113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1271113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1272113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1273113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1274113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1275113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1276113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1277113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1278113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1279113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1280113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1281113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1282113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1283113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1284113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1285113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1286113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1287113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1288113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1289113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1290113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1291113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1292113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1293113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1294113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1295113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1296113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1297113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1298113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1299113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1300113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1301113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1302113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1303113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1304113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1305113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1306113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1307113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1308113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1309113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1310113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1311113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1312113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1313113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1314113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1315113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1316113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1317113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1318113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1319113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1320113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1321113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1322113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1323113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1324113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1325113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1326113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1327113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1328113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1329113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1330113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1331113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1332113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1333113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1334113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1335113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1336113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1337113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1338113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1339113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1340113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1341113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1342113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1343113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1344113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1345113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
1346113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1347113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1348113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1349113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1350113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1351113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1352113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1353113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1354113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1355113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1356113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1357113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1358113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1359113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1360113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1361113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1362113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1363113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
1364113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1365113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1366113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1367113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1368113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1369113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1370113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1371113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1372113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1373113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1374113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1375113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1376113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
1377113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1378113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1379113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1380113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1381113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1382113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1383113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1384113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1385113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1386113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1387113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1388113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1389113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1390113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1391113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1392113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1393113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1394113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1395113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1396113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1397113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1398113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1399113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1400113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1401113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1402113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1403113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1404113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1405113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1406113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1407113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1408113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1409113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1410113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1411113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1412113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1413113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1414113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1415113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1416113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1417113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1418113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1419113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1420113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1421113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1422113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1423113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1424113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1425113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1426113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1427113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1428113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1429113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1430113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1431113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
1432113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1433113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1434113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1435113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1436113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1437113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1438113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1439113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1440113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1441113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1442113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1443113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1444113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1445113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1446113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1447113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1448113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1449113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1450113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1451113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1452113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1453113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1454113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1455113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1456113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1457113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1458113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1459113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1460113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1461113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1462113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1463113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1464113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1465113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1466113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1467113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1468113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1469113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1470113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1471113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1472113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1473113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1474113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1475113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1476113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1477113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1478113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1479113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1480113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1481113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1482113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1483113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1484113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1485113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1486113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1487113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1488113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1489113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1490113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1491113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1492113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1493113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1494113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1495113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1496113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1497113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1498113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1499113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1500113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1501113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1502113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1503113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1504113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1505113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1506113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1507113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1508113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1509113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
1510113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1511113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1512113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1513113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1514113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1515113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
1516113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1517113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1518113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1519113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1520113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1521113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1522113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1523113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1524113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1525113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1526113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1527113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1528113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1529113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1530113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1531113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1532113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1533113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1534113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1535113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1536113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1537113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1538113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1539113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1540113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1541113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1542113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1543113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1544113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1545113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1546113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1547113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1548113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1549113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1550113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1551113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1552113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1553113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1554113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1555113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C408F88301F22BE596490B4A80BD2E09034763B4
1556113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3048761~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1557113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1558113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1559113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1560113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1561113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
1562113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1563113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1564113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1565113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1566113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1567113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1568113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1569113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1570113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1571113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1572113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1573113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1574113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1575113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1576113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1577113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1578113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
1579113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1580113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1581113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1582113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1583113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1584113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1585113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1586113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1587113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8C17410BD716DCF557221B982F7A015B5B6AC2B4
1588113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1589113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1590113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1591113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1592113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1593113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
1594113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1595113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1596113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1597113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1598113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1599113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1600113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1601113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1602113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1603113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1604113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1605113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1606113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1607113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1608113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1609113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1610113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1611113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1612113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1613113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1614113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1615113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
1616113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1617113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1618113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1619113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1620113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1621113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1622113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1623113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1624113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1625113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1626113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1627113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1628113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1629113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1630113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1631113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1632113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1633113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1634113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1635113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1636113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1637113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1638113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1639113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
1640113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1641113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1642113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1643113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1644113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1645113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1646113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1647113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1648113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1649113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1650113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1651113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1652113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1653113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1654113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1655113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1656113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1657113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1658113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1659113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1660113c.16c4: supR3HardenedDllNotificationCallback: load 000007fee0910000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1661113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1662113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1663113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef0700000 LB 0x0011d000 C:\windows\system32\OPENGL32.dll [fFlags=0x0]
1664113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1665113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1666113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefaa00000 LB 0x0002d000 C:\windows\system32\GLU32.dll [fFlags=0x0]
1667113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1668113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1669113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef4920000 LB 0x000f1000 C:\windows\system32\DDRAW.dll [fFlags=0x0]
1670113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1671113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1672113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefa8f0000 LB 0x00008000 C:\windows\system32\DCIMAN32.dll [fFlags=0x0]
1673113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1674113c.16c4: supR3HardenedDllNotificationCallback: load 000007feffab0000 LB 0x001d7000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
1675113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1676113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd760000 LB 0x00036000 C:\windows\system32\CFGMGR32.dll [fFlags=0x0]
1677113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1678113c.16c4: supR3HardenedDllNotificationCallback: load 000007feff920000 LB 0x000d7000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
1679113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1680113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefe6a0000 LB 0x00203000 C:\windows\system32\ole32.dll [fFlags=0x0]
1681113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1682113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefdad0000 LB 0x0001a000 C:\windows\system32\DEVOBJ.dll [fFlags=0x0]
1683113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1684113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1685113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefae10000 LB 0x00018000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
1686113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1687113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1688113c.16c4: supR3HardenedDllNotificationCallback: load 000000005c730000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1689113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1690113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1691113c.16c4: supR3HardenedDllNotificationCallback: load 000000005bdc0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1692113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1693113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefe110000 LB 0x00097000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
1694113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1695113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1696113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1697113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1698113c.16c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
1699113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
1700113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef9e80000 LB 0x000a0000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
1701113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
1702113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefeb80000 LB 0x00d89000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
1703113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1704113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1705113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefb710000 LB 0x0003b000 C:\windows\system32\WINMM.dll [fFlags=0x0]
1706113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1707113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1708113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef53c0000 LB 0x00071000 C:\windows\system32\WINSPOOL.DRV [fFlags=0x0]
1709113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1710113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1711113c.16c4: supR3HardenedDllNotificationCallback: load 000000005bcb0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1712113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1713113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1714113c.16c4: supR3HardenedDllNotificationCallback: load 000000005bbd0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1715113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1716113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
1717113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1718113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1719113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
1720113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
1721113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1722113c.16c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
1723113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1724113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1725113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1726113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1727113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1728113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1729113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1730113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da4a0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1731113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa00000 'C:\windows\system32\imm32.dll'
1732113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0910000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1733113c.16c4: SUPR3HardenedMain: Calling TrustedMain (000007fee0911ca0)...
1734113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1735113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1736113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
1737113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005bc pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1738113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1739113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1740113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1741113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1742113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1743113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1744113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1745113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1746113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
1747113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1748113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1749113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1750113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1751113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1752113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1753113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1754113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002cdb2d0:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1755113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1756113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefb750000 LB 0x00056000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
1757113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1758113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\windows\system32\uxtheme.dll'
1759113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1760113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002cdb2d0:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1761113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\windows\system32\uxtheme.dll'
1762113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1763113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002cdbbc0:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1764113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\windows\system32\uxtheme.dll'
1765113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1766113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002cdbbc0:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1767113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\windows\system32\uxtheme.dll'
1768113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1769113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1770113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae10000 'C:\windows\system32\dwmapi.dll'
1771113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1772113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1773113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\windows\system32\CRYPTBASE.dll'
1774113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1775113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1776113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
1777113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1778113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1779113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077760000 'C:\windows\system32\kernel32.dll'
1780113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1781113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1782113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\windows\system32\uxtheme.dll'
1783113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1784113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1785113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\windows\system32\uxtheme.dll'
1786113c.16c4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
1787113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1788113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
1789113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'C:\windows\system32\user32.dll'
1790113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1791113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1792113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\windows\system32\uxtheme.dll'
1793113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'C:\windows\system32\user32.dll'
1794113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\windows\system32\advapi32.dll'
1795113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1796113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1797113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9a0000 'C:\windows\system32\userenv.dll'
1798113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1799113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1800113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077760000 'C:\windows\system32\kernel32.dll'
1801113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000610 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1802113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1803113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1804113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
1805113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1806113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1807113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1808113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1809113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1810113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1811113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1812113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1813113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
1814113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1815113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1816113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1817113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1818113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1819113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1820113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1821113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1822113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1823113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1824113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1825113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1826113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1827113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1828113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1829113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1830113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da0b0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1831113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1832113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefe1d0000 LB 0x00099000 C:\windows\system32\CLBCatQ.DLL [fFlags=0x0]
1833113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1834113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\windows\system32\CLBCatQ.DLL'
1835113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1836113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da800:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1837113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\windows\system32\ADVAPI32.dll'
1838113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1839113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da800:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1840113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\windows\system32\CRYPTSP.dll'
1841113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000630 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1842113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1843113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1844113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
1845113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
1846113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1847113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1848113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
1849113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1850113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1851113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1852113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da800:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1853113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1854113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd690000 LB 0x00014000 C:\windows\system32\RpcRtRemote.dll [fFlags=0x0]
1855113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1856113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd690000 'C:\windows\system32\RpcRtRemote.dll'
1857113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1858113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002cdbc70:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1859113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff920000 'C:\Windows\system32\oleaut32.dll'
1860113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000654 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
1861113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1862113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1863113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
1864113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
1865113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1866113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)WinVerifyTrust
1867113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
1868113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007da920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1869113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
1870113c.16c4: supR3HardenedDllNotificationCallback: load 000007fefd5f0000 LB 0x00091000 C:\windows\system32\SXS.DLL [fFlags=0x0]
1871113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
1872113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\windows\system32\SXS.DLL'
1873113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\windows\system32\ADVAPI32.dll'
1874113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1875113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007daf50:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1876113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff920000 'C:\windows\system32\OLEAUT32.dll'
1877113c.16c4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
1878113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007daec0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1879113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
1880113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc00000 'C:\windows\system32\gdi32.dll'
1881113c.235c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1882113c.235c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1883113c.235c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1884113c.235c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1885113c.235c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1886113c.235c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1887113c.235c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
1888113c.235c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
1889113c.235c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1890113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1891113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1892113c.235c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1893113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1894113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1895113c.235c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1896113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1897113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1898113c.235c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1899113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1900113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1901113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1902113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1903113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1904113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1905113c.235c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1906113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1907113c.235c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1908113c.235c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f75d0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1909113c.235c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1910113c.235c: supR3HardenedDllNotificationCallback: load 000007fedfc10000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1911113c.235c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1912113c.235c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedfc10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1913113c.10c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1914113c.10c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1915113c.10c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
1916113c.10c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1917113c.10c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1918113c.10c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1919113c.10c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1920113c.10c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1921113c.10c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1922113c.10c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1923113c.10c8: supR3HardenedDllNotificationCallback: load 000007fefa9f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
1924113c.10c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1925113c.10c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
1926113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'C:\windows\system32\user32.dll'
1927113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1928113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007daad0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1929113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
1930113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\windows\system32\ADVAPI32.dll'
1931113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1932113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007daad0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1933113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\windows\system32\ole32.dll'
1934113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1935113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d6d0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1936113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
1937113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1938113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d6d0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1939113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
1940113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1941113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d6d0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1942113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\windows\system32\ole32.dll'
1943113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1944113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d6d0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1945113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff920000 'C:\windows\system32\OLEAUT32.dll'
1946113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a1c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1947113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1948113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1949113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
1950113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
1951113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1952113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1953113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
1954113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1955113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1956113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1957113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
1958113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
1959113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1960113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1961113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1962113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1963113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1964113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1965113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1966113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1967113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1968113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1969113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1970113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1971113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a08 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1972113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
1973113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
1974113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
1975113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
1976113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1977113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1978113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
1979113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1980113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1981113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
1982113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
1983113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1984113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1985113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1986113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1987113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1988113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1989113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1990113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1991113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1992113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1993113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1994113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1995113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1996113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1997113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1998113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002be8060:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1999113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2000113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef56f0000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2001113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2002113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2003113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef5700000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [fFlags=0x0]
2004113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2005113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef56f0000 'C:\windows\system32\wbem\wbemprox.dll'
2006113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a3c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2007113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2008113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2009113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2010113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2011113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2012113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2013113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2014113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
2015113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2016113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2017113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2018113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2019113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2020113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002be8060:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2021113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2022113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef4e80000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2023113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2024113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4e80000 'C:\windows\system32\wbem\wbemsvc.dll'
2025113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2026113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2027113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2028113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2029113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2030113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2031113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2032113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2033113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2034113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2035113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2036113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2037113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
2038113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2039113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2040113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2041113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a30 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2042113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2043113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2044113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2045113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2046113c.16c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2047113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2048113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2049113c.16c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2050113c.16c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll)WinVerifyTrust
2051113c.16c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2052113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2053113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2054113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2055113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2056113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2057113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2058113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2059113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2060113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2061113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2062113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2063113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2064113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2065113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2066113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2067113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2068113c.16c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2069113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2070113c.16c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2071113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002be8060:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2072113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2073113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef5220000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
2074113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2075113c.16c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2076113c.16c4: supR3HardenedDllNotificationCallback: load 000007fef51f0000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [fFlags=0x0]
2077113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2078113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5220000 'C:\windows\system32\wbem\fastprox.dll'
2079113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff920000 'C:\windows\system32\OLEAUT32.dll'
2080113c.16c4: supR3HardenedMonitor_LdrLoadDll: 'C:\windows\system32\comctl32.dll' -> 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll' [redir]
2081113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2082113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll (Input=C:\windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000482dbe0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2083113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9e80000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2084113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2085113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dbe0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2086113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\WINMM.dll'
2087113c.1eac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2088113c.1eac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2089113c.1eac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2090113c.1eac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
2091113c.1eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2092113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2093113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2094113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2095113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2096113c.1eac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2097113c.1eac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2098113c.1eac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2099113c.1eac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
2100113c.1eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2101113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2102113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2103113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2104113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2105113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2106113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2107113c.1eac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2108113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2109113c.1eac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2110113c.1eac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2111113c.1eac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2112113c.1eac: supR3HardenedDllNotificationCallback: load 000007fedf5a0000 LB 0x00261000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2113113c.1eac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2114113c.1eac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2115113c.1eac: supR3HardenedDllNotificationCallback: load 000000006b170000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2116113c.1eac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2117113c.1eac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf5a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2118113c.1ed4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2119113c.1ed4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2120113c.1ed4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2121113c.1ed4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2122113c.1ed4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
2123113c.1ed4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2124113c.1ed4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2125113c.1ed4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2126113c.1ed4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2127113c.1ed4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2128113c.1ed4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2129113c.1ed4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2130113c.1ed4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2131113c.1ed4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2132113c.1ed4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2133113c.1ed4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2134113c.1ed4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2135113c.1ed4: supR3HardenedDllNotificationCallback: load 000007fefab10000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2136113c.1ed4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2137113c.1ed4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2138113c.15a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2139113c.15a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2140113c.15a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
2141113c.15a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2142113c.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2143113c.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2144113c.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2145113c.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2146113c.15a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2147113c.15a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2148113c.15a8: supR3HardenedDllNotificationCallback: load 000007fefb8d0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2149113c.15a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2150113c.15a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2151113c.2210: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2152113c.2210: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2153113c.2210: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2154113c.2210: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
2155113c.2210: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2156113c.2210: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2157113c.2210: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2158113c.2210: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2159113c.2210: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2160113c.2210: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2161113c.2210: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2162113c.2210: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2163113c.2210: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2164113c.2210: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2165113c.2210: supR3HardenedDllNotificationCallback: load 000007fefab00000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2166113c.2210: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2167113c.2210: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab00000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2168113c.1f90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2169113c.1f90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2170113c.1f90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2171113c.1f90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
2172113c.1f90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2173113c.1f90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2174113c.1f90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2175113c.1f90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2176113c.1f90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2177113c.1f90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2178113c.1f90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2179113c.1f90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2180113c.1f90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2181113c.1f90: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2182113c.1f90: supR3HardenedDllNotificationCallback: load 000007fefaaf0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2183113c.1f90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2184113c.1f90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaaf0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2185113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2186113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2187113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32/Shell32.dll'
2188113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\windows\system32\ole32.dll'
2189113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2190113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2191113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2192113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2193113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd740000 'C:\windows\system32\profapi.dll'
2194113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2195113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2196113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf5a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2197113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2198113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2199113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2200113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2201113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2202113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll)WinVerifyTrust
2203113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2204113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2205113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2206113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2207113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2208113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2209113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2210113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2211113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2212113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2213113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2214113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2215113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2216113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2217113c.2058: supR3HardenedDllNotificationCallback: load 000007fef0880000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2218113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2219113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0880000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
2220113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fef0880000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2221113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2222113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2223113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2224113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2225113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2226113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2227113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2228113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2229113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2230113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2231113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
2232113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2233113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2234113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2235113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2236113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2237113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2238113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2239113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2240113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2241113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2242113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2243113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2244113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2245113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
2246113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2247113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2248113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2249113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2250113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2251113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2252113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2253113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2254113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2255113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2256113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2257113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2258113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2259113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2260113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2261113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2262113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
2263113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2264113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2265113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2266113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2267113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2268113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2269113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2270113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2271113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2272113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
2273113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2274113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2275113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2276113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2277113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2278113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2279113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2280113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2281113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2282113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2283113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2284113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2285113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c68 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
2286113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2287113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2288113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
2289113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
2290113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2291113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2292113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2293113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2294113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2295113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2296113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2297113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2298113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust
2299113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
2300113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2301113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2302113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2303113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2304113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2305113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2306113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2307113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2308113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2309113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2310113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2311113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2312113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2313113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2314113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2315113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2316113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2317113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2318113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2319113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2320113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c54 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2321113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2322113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2323113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2324113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2325113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2326113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2327113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2328113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2329113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)WinVerifyTrust
2330113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2331113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2332113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2333113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2334113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2335113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2336113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2337113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2338113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2339113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2340113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2341113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2342113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2343113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2344113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2345113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2346113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2347113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2348113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2349113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2350113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2351113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2352113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2353113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2354113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2355113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2356113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2357113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2358113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2359113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2360113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2361113c.2058: supR3HardenedDllNotificationCallback: load 000007fedecc0000 LB 0x008d1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2362113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2363113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2364113c.2058: supR3HardenedDllNotificationCallback: load 000007fef0690000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2365113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2366113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2367113c.2058: supR3HardenedDllNotificationCallback: load 000007fef0d70000 LB 0x00051000 C:\windows\system32\newdev.dll [fFlags=0x0]
2368113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2369113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2370113c.2058: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2371113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2372113c.2058: supR3HardenedDllNotificationCallback: load 000007fefca10000 LB 0x00012000 C:\windows\system32\devrtl.DLL [fFlags=0x0]
2373113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2374113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2375113c.2058: supR3HardenedDllNotificationCallback: load 000007fef0880000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2376113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2377113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2378113c.2058: supR3HardenedDllNotificationCallback: load 000007fefbd30000 LB 0x00027000 C:\windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2379113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2380113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2381113c.2058: supR3HardenedDllNotificationCallback: load 000007fefbd10000 LB 0x0000b000 C:\windows\system32\WINNSI.DLL [fFlags=0x0]
2382113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2383113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedecc0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2384113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c74 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2385113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2386113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2387113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2388113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2389113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2390113c.2058: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2391113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2392113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2393113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2394113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2395113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2396113c.2058: supR3HardenedDllNotificationCallback: load 000007fef0840000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2397113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2398113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0840000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
2399113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2400113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2401113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2402113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedfc10000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2403113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2404113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2405113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2406113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0880000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2407113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2408113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2409113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll)WinVerifyTrust
2410113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2411113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2412113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2413113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2414113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2415113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2416113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2417113c.2058: supR3HardenedDllNotificationCallback: load 000007fef0b70000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2418113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2419113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0b70000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
2420113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2421113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2422113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll)WinVerifyTrust
2423113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2424113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2425113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2426113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2427113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2428113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2429113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2430113c.2058: supR3HardenedDllNotificationCallback: load 000007fef0820000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2431113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2432113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0820000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
2433113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2434113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2435113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll)WinVerifyTrust
2436113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2437113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2438113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2439113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2440113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2441113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2442113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2443113c.2058: supR3HardenedDllNotificationCallback: load 000007fef0610000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2444113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2445113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0610000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
2446113c.1714: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2447113c.1714: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2448113c.1714: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2449113c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
2450113c.1714: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2451113c.1714: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2452113c.1714: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2453113c.1714: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2454113c.1714: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2455113c.1714: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2456113c.1714: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2457113c.1714: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2458113c.1714: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2459113c.1714: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2460113c.1714: supR3HardenedDllNotificationCallback: load 000007fefaae0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2461113c.1714: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2462113c.1714: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2463113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2464113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2465113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll)WinVerifyTrust
2466113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2467113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2468113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2469113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2470113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2471113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2472113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2473113c.2058: supR3HardenedDllNotificationCallback: load 000007fefa9d0000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2474113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2475113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
2476113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2477113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2478113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2479113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd30000 'C:\windows\system32/Iphlpapi.dll'
2480113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc8 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2481113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2482113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2483113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
2484113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
2485113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2486113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2487113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2488113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
2489113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2490113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)WinVerifyTrust
2491113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2492113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2493113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2494113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2495113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2496113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2497113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2498113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2499113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2500113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2501113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dd90:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2502113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2503113c.2058: supR3HardenedDllNotificationCallback: load 000007fefb920000 LB 0x00018000 C:\windows\system32\dhcpcsvc.DLL [fFlags=0x0]
2504113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2505113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb920000 'C:\windows\system32\dhcpcsvc.DLL'
2506113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2507113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dd90:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2508113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd30000 'C:\windows\system32\IPHLPAPI.DLL'
2509113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dcc pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2510113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2511113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2512113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
2513113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
2514113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2515113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2516113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2517113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
2518113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)WinVerifyTrust
2519113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2520113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2521113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2522113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2523113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2524113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2525113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2526113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dd90:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2527113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2528113c.2058: supR3HardenedDllNotificationCallback: load 000007fefb900000 LB 0x00011000 C:\windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
2529113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2530113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb900000 'C:\windows\system32\dhcpcsvc6.DLL'
2531113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2532113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482dd90:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2533113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd30000 'C:\windows\system32\IPHLPAPI.DLL'
2534113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e48 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2535113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2536113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2537113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2538113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2539113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2540113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2541113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2542113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2543113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2544113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2545113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2546113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll)WinVerifyTrust
2547113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2548113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2549113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2550113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
2551113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2552113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2553113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2554113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
2555113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2556113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2557113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2558113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2559113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)WinVerifyTrust
2560113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2561113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2562113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2563113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2564113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2565113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2566113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2567113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2568113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2569113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2570113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2571113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2572113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2573113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2574113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2575113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2576113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2577113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2578113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2579113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002cdbdd0:C:\windows\System32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2580113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2581113c.2058: supR3HardenedDllNotificationCallback: load 000007feedf30000 LB 0x00088000 C:\windows\System32\dsound.dll [fFlags=0x0]
2582113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2583113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2584113c.2058: supR3HardenedDllNotificationCallback: load 000007fefc7f0000 LB 0x0002c000 C:\windows\System32\POWRPROF.dll [fFlags=0x0]
2585113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2586113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2587113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482deb0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2588113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf30000 'C:\windows\System32\dsound.dll'
2589113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf30000 'C:\windows\System32\dsound.dll'
2590113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e50 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2591113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2592113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2593113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2594113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
2595113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2596113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2597113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2598113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2599113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2600113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll)WinVerifyTrust
2601113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2602113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2603113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2604113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e74 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
2605113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2606113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2607113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2608113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
2609113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2610113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2611113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2612113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2613113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2614113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2615113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll)WinVerifyTrust
2616113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2617113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2618113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2619113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2620113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2621113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2622113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2623113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2624113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2625113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2626113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2627113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2628113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2629113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2630113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2631113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2632113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2633113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2634113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002cdbdd0:C:\windows\System32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2635113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2636113c.2058: supR3HardenedDllNotificationCallback: load 000007fefc540000 LB 0x0004b000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
2637113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2638113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2639113c.2058: supR3HardenedDllNotificationCallback: load 000007fefc410000 LB 0x0012c000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
2640113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2641113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\windows\system32\ADVAPI32.dll'
2642113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc540000 'C:\windows\System32\MMDevApi.dll'
2643113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\windows\system32\ole32.dll'
2644113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2645113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2646113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffab0000 'C:\windows\system32\SETUPAPI.dll'
2647113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2648113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2649113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa30000 'C:\windows\system32\SHLWAPI.dll'
2650113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2651113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2652113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc540000 'C:\windows\system32\MMDEVAPI.DLL'
2653113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\windows\system32\ole32.dll'
2654113c.880: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2655113c.880: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2656113c.880: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\windows\system32\CFGMGR32.dll'
2657113c.2394: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec4 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2658113c.2394: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2659113c.2394: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2660113c.2394: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
2661113c.2394: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
2662113c.2394: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2663113c.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2664113c.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2665113c.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2666113c.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2667113c.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2668113c.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2669113c.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2670113c.2394: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll)WinVerifyTrust
2671113c.2394: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2672113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2673113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2674113c.2394: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2675113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2676113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2677113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2678113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2679113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2680113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2681113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2682113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2683113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2684113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2685113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2686113c.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2687113c.2394: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2688113c.2394: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2689113c.2394: supR3HardenedDllNotificationCallback: load 000007fefae80000 LB 0x0004f000 C:\windows\system32\AUDIOSES.DLL [fFlags=0x0]
2690113c.2394: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2691113c.2394: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae80000 'C:\windows\system32\AUDIOSES.DLL'
2692113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2693113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2694113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2695113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2696113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2697113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2698113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2699113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdfc0000 'C:\windows\system32\RPCRT4.dll'
2700113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2701113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2702113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc540000 'C:\windows\system32\MMDevAPI.DLL'
2703113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f14 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2704113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2705113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2706113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
2707113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2708113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2709113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2710113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2711113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2712113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2713113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2714113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
2715113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2716113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
2717113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv)WinVerifyTrust
2718113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2719113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2720113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2721113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f18 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
2722113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2723113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2724113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
2725113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
2726113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2727113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll)WinVerifyTrust
2728113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2729113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2730113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2731113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2732113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2733113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2734113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f2c pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
2735113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2736113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2737113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
2738113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
2739113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2740113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2741113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll)WinVerifyTrust
2742113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2743113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2744113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2745113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2746113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2747113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2748113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2749113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2750113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2751113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2752113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2753113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2754113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2755113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2756113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2757113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2758113c.2058: supR3HardenedDllNotificationCallback: load 000007fefb6d0000 LB 0x0003b000 C:\windows\system32\wdmaud.drv [fFlags=0x0]
2759113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2760113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2761113c.2058: supR3HardenedDllNotificationCallback: load 00000000754c0000 LB 0x00006000 C:\windows\system32\ksuser.dll [fFlags=0x0]
2762113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2763113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2764113c.2058: supR3HardenedDllNotificationCallback: load 000007fefc400000 LB 0x00009000 C:\windows\system32\AVRT.dll [fFlags=0x0]
2765113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2766113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\windows\system32\wdmaud.drv'
2767113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2768113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2769113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\windows\system32\wdmaud.drv'
2770113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2771113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2772113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\windows\system32\wdmaud.drv'
2773113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2774113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e2a0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2775113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\windows\system32\wdmaud.drv'
2776113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2777113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e2a0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2778113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\windows\system32\wdmaud.drv'
2779113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2780113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e2a0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2781113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\windows\system32\wdmaud.drv'
2782113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2783113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2784113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\windows\system32\wdmaud.drv'
2785113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\windows\system32\wdmaud.drv'
2786113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f20 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
2787113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2788113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2789113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
2790113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
2791113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2792113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2793113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2794113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2795113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
2796113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
2797113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv)WinVerifyTrust
2798113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2799113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2800113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2801113c.2058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2802113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
2803113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
2804113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f30 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
2805113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2806113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2807113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
2808113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
2809113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2810113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2811113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2812113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2813113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2814113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2815113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll)WinVerifyTrust
2816113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2817113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2818113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2819113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2820113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2821113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2822113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2823113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2824113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2825113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2826113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2827113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2828113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2829113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2830113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2831113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2832113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2833113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2834113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2835113c.2058: supR3HardenedDllNotificationCallback: load 000007fefae00000 LB 0x0000a000 C:\windows\system32\msacm32.drv [fFlags=0x0]
2836113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2837113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2838113c.2058: supR3HardenedDllNotificationCallback: load 000007fefade0000 LB 0x00018000 C:\windows\system32\MSACM32.dll [fFlags=0x0]
2839113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2840113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2841113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2842113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2843113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2844113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2845113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2846113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2847113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2848113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2849113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2850113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2851113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2852113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2853113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2854113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2855113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2856113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2857113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2858113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2859113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2860113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2861113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae00000 'C:\windows\system32\msacm32.drv'
2862113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f40 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
2863113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2864113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2865113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
2866113c.2058: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
2867113c.2058: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2868113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2869113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2870113c.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2871113c.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll)WinVerifyTrust
2872113c.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
2873113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2874113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2875113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2876113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2877113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2878113c.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2879113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2880113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2881113c.2058: supR3HardenedDllNotificationCallback: load 000007fefadd0000 LB 0x00009000 C:\windows\system32\midimap.dll [fFlags=0x0]
2882113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2883113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\windows\system32\midimap.dll'
2884113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2885113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2886113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\windows\system32\midimap.dll'
2887113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2888113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2889113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\windows\system32\midimap.dll'
2890113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2891113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2892113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\windows\system32\midimap.dll'
2893113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2894113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2895113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2896113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2897113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\windows\system32\ole32.dll'
2898113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2899113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2900113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2901113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2902113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2903113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\windows\system32\winmm.dll'
2904113c.21e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2905113c.21e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002cdcae0:C:\windows\System32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2906113c.21e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae80000 'C:\windows\System32\audioses.dll'
2907113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf5a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2908113c.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2909113c.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2910113c.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2911113c.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077760000 'C:\windows\system32/kernel32.dll'
2912113c.1eac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2913113c.1eac: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2914113c.1eac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff920000 'C:\windows\system32\OLEAUT32.dll'
2915113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2916113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2917113c.1690: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2918113c.1690: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007dac80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2919113c.1690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc400000 'C:\windows\system32\avrt.dll'
2920113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001064 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
2921113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2922113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2923113c.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2924113c.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007dab60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2925113c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd950000 'C:\windows\system32\WINTRUST.DLL'
2926113c.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2927113c.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007dab60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2928113c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\windows\system32\CRYPT32.dll'
2929113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8E5754748E0E000AB425BF2AEB177780FB43945
2930113c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\windows\system32\cryptnet.dll'
2931113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2888049~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
2932113c.173c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2933113c.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2934113c.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2935113c.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2936113c.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2937113c.173c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll)WinVerifyTrust
2938113c.173c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
2939113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2940113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2941113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2942113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2943113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2944113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2945113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2946113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2947113c.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007dac80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2948113c.173c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
2949113c.173c: supR3HardenedDllNotificationCallback: load 000007fefcf20000 LB 0x00055000 C:\windows\system32\mswsock.dll [fFlags=0x0]
2950113c.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
2951113c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf20000 'C:\windows\system32\mswsock.dll'
2952113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001090 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
2953113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002be7390
2954113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002be7390
2955113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
2956113c.173c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
2957113c.173c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2958113c.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
2959113c.173c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL)WinVerifyTrust
2960113c.173c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
2961113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2962113c.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2963113c.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007dac80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2964113c.173c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
2965113c.173c: supR3HardenedDllNotificationCallback: load 000007fefc900000 LB 0x00007000 C:\windows\System32\wshtcpip.dll [fFlags=0x0]
2966113c.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
2967113c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc900000 'C:\windows\System32\wshtcpip.dll'
2968113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2969113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2970113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2971113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2972113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2973113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482e690:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2974113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2975113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2976113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2977113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2978113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2979113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2980113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2981113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb80000 'C:\windows\system32\shell32.dll'
2982113c.1714: supR3HardenedDllNotificationCallback: Unload 000007fefaae0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
2983113c.1f90: supR3HardenedDllNotificationCallback: Unload 000007fefaaf0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
2984113c.2210: supR3HardenedDllNotificationCallback: Unload 000007fefab00000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
2985113c.15a8: supR3HardenedDllNotificationCallback: Unload 000007fefb8d0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
2986113c.1ed4: supR3HardenedDllNotificationCallback: Unload 000007fefab10000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
2987113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fefc900000 LB 0x00007000 C:\windows\System32\wshtcpip.dll [flags=0x0]
2988113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fef0610000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
2989113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fef0820000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
2990113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fef0b70000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
2991113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fef0840000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2992113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fedecc0000 LB 0x008d1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
2993113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fef0880000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
2994113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fef0690000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
2995113c.2058: supR3HardenedDllNotificationCallback: Unload 000007fef0d70000 LB 0x00051000 C:\windows\system32\newdev.dll [flags=0x0]
2996113c.16c4: supR3HardenedDllNotificationCallback: Unload 000007fefa9f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
2997113c.16c4: supR3HardenedDllNotificationCallback: Unload 000007fef5220000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [flags=0x0]
2998113c.16c4: supR3HardenedDllNotificationCallback: Unload 000007fef51f0000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [flags=0x0]
2999113c.16c4: supR3HardenedDllNotificationCallback: Unload 000007fef4e80000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [flags=0x0]
3000113c.16c4: supR3HardenedDllNotificationCallback: Unload 000007fef56f0000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [flags=0x0]
3001113c.16c4: supR3HardenedDllNotificationCallback: Unload 000007fef5700000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [flags=0x0]
3002113c.16c4: supR3HardenedDllNotificationCallback: Unload 000007fedfc10000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3003113c.16c4: Terminating the normal way: rcExit=0
3004113c.16c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
3005113c.16c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000482d520:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3006113c.16c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd950000 'C:\windows\system32\WINTRUST.dll'
30072078.1350: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 240231 ms, the end);
30081e08.2044: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 240576 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy