VirtualBox

Ticket #14382: VBoxStartup.log

File VBoxStartup.log, 365.7 KB (added by clive darra, 9 years ago)

startup log

Line 
1f20.13b0: Log file opened: 4.3.30r101610 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2f20.13b0: \SystemRoot\System32\ntdll.dll:
3f20.13b0: CreationTime: 2015-06-11T12:45:59.533018300Z
4f20.13b0: LastWriteTime: 2015-05-25T18:21:21.289963400Z
5f20.13b0: ChangeTime: 2015-06-12T12:45:30.695642500Z
6f20.13b0: FileAttributes: 0x20
7f20.13b0: Size: 0x1a61c0
8f20.13b0: NT Headers: 0xe0
9f20.13b0: Timestamp: 0x556366f2
10f20.13b0: Machine: 0x8664 - amd64
11f20.13b0: Timestamp: 0x556366f2
12f20.13b0: Image Version: 6.1
13f20.13b0: SizeOfImage: 0x1a9000 (1740800)
14f20.13b0: Resource Dir: 0x14d000 LB 0x5a028
15f20.13b0: ProductName: Microsoft® Windows® Operating System
16f20.13b0: ProductVersion: 6.1.7601.18869
17f20.13b0: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
18f20.13b0: FileDescription: NT Layer DLL
19f20.13b0: \SystemRoot\System32\kernel32.dll:
20f20.13b0: CreationTime: 2015-06-11T12:46:00.376066500Z
21f20.13b0: LastWriteTime: 2015-05-25T18:19:02.585000000Z
22f20.13b0: ChangeTime: 2015-06-12T12:45:32.708046000Z
23f20.13b0: FileAttributes: 0x20
24f20.13b0: Size: 0x11be00
25f20.13b0: NT Headers: 0xe8
26f20.13b0: Timestamp: 0x556366fc
27f20.13b0: Machine: 0x8664 - amd64
28f20.13b0: Timestamp: 0x556366fc
29f20.13b0: Image Version: 6.1
30f20.13b0: SizeOfImage: 0x11f000 (1175552)
31f20.13b0: Resource Dir: 0x116000 LB 0x528
32f20.13b0: ProductName: Microsoft® Windows® Operating System
33f20.13b0: ProductVersion: 6.1.7601.18869
34f20.13b0: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
35f20.13b0: FileDescription: Windows NT BASE API Client DLL
36f20.13b0: \SystemRoot\System32\KernelBase.dll:
37f20.13b0: CreationTime: 2015-06-11T12:46:02.094164800Z
38f20.13b0: LastWriteTime: 2015-05-25T18:19:02.585000000Z
39f20.13b0: ChangeTime: 2015-06-12T12:45:32.723646100Z
40f20.13b0: FileAttributes: 0x20
41f20.13b0: Size: 0x67c00
42f20.13b0: NT Headers: 0xe8
43f20.13b0: Timestamp: 0x556366fd
44f20.13b0: Machine: 0x8664 - amd64
45f20.13b0: Timestamp: 0x556366fd
46f20.13b0: Image Version: 6.1
47f20.13b0: SizeOfImage: 0x6c000 (442368)
48f20.13b0: Resource Dir: 0x6a000 LB 0x530
49f20.13b0: ProductName: Microsoft® Windows® Operating System
50f20.13b0: ProductVersion: 6.1.7601.18869
51f20.13b0: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
52f20.13b0: FileDescription: Windows NT BASE API Client DLL
53f20.13b0: \SystemRoot\System32\apisetschema.dll:
54f20.13b0: CreationTime: 2015-06-11T12:45:53.321663000Z
55f20.13b0: LastWriteTime: 2015-05-25T18:11:40.254000000Z
56f20.13b0: ChangeTime: 2015-06-12T12:45:30.446042100Z
57f20.13b0: FileAttributes: 0x20
58f20.13b0: Size: 0x1a00
59f20.13b0: NT Headers: 0xc0
60f20.13b0: Timestamp: 0x55636622
61f20.13b0: Machine: 0x8664 - amd64
62f20.13b0: Timestamp: 0x55636622
63f20.13b0: Image Version: 6.1
64f20.13b0: SizeOfImage: 0x50000 (327680)
65f20.13b0: Resource Dir: 0x30000 LB 0x3f8
66f20.13b0: ProductName: Microsoft® Windows® Operating System
67f20.13b0: ProductVersion: 6.1.7601.18869
68f20.13b0: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
69f20.13b0: FileDescription: ApiSet Schema DLL
70f20.13b0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71f20.13b0: supR3HardenedWinFindAdversaries: 0x400
72f20.13b0: \SystemRoot\System32\drivers\MpFilter.sys:
73f20.13b0: CreationTime: 2015-03-04T18:34:52.000000000Z
74f20.13b0: LastWriteTime: 2015-03-04T18:34:52.000000000Z
75f20.13b0: ChangeTime: 2015-05-13T13:14:21.556414300Z
76f20.13b0: FileAttributes: 0x2020
77f20.13b0: Size: 0x44738
78f20.13b0: NT Headers: 0xf0
79f20.13b0: Timestamp: 0x54efb880
80f20.13b0: Machine: 0x8664 - amd64
81f20.13b0: Timestamp: 0x54efb880
82f20.13b0: Image Version: 6.3
83f20.13b0: SizeOfImage: 0x44000 (278528)
84f20.13b0: Resource Dir: 0x42000 LB 0xd50
85f20.13b0: ProductName: Microsoft Malware Protection
86f20.13b0: ProductVersion: 4.8.0200.0
87f20.13b0: FileVersion: 4.8.0200.0
88f20.13b0: FileDescription: Microsoft antimalware file system filter driver
89f20.13b0: \SystemRoot\System32\drivers\NisDrvWFP.sys:
90f20.13b0: CreationTime: 2014-03-11T08:52:30.000000000Z
91f20.13b0: LastWriteTime: 2015-03-04T18:34:52.000000000Z
92f20.13b0: ChangeTime: 2015-05-13T13:14:21.322413900Z
93f20.13b0: FileAttributes: 0x2020
94f20.13b0: Size: 0x1e698
95f20.13b0: NT Headers: 0xf0
96f20.13b0: Timestamp: 0x54efb8af
97f20.13b0: Machine: 0x8664 - amd64
98f20.13b0: Timestamp: 0x54efb8af
99f20.13b0: Image Version: 6.3
100f20.13b0: SizeOfImage: 0x1f000 (126976)
101f20.13b0: Resource Dir: 0x1c000 LB 0x1b90
102f20.13b0: ProductName: Microsoft Malware Protection
103f20.13b0: ProductVersion: 4.8.0200.0
104f20.13b0: FileVersion: 4.8.0200.0
105f20.13b0: FileDescription: Microsoft Network Realtime Inspection Driver
106f20.13b0: Calling main()
107f20.13b0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
108f20.13b0: SUPR3HardenedMain: Respawn #1
109f20.13b0: System32: \Device\HarddiskVolume2\Windows\System32
110f20.13b0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
111f20.13b0: KnownDllPath: C:\Windows\system32
112f20.13b0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
113f20.13b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
114f20.13b0: supR3HardNtEnableThreadCreation:
115f20.13b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007748b780 pvNtTerminateThread=00000000774ae0e0
116f20.13b0: supR3HardenedWinDoReSpawn(1): New child 1244.1084 [kernel32].
117f20.13b0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
118f20.13b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077460000 uNtDllChildAddr=0000000077460000
119f20.13b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007748b780
120f20.13b0: supR3HardenedWinSetupChildInit: Start child.
121f20.13b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 2 ms.
122f20.13b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 61 sleeps
123f20.13b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
124f20.13b0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
125f20.13b0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
126f20.13b0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
127f20.13b0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
128f20.13b0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
129f20.13b0: 0000000000041000-fffffffffff91fff 0x0001/0x0000 0x0000000
130f20.13b0: *00000000000f0000-ffffffffffff3fff 0x0000/0x0004 0x0020000
131f20.13b0: 00000000001ec000-00000000001e8fff 0x0104/0x0004 0x0020000
132f20.13b0: 00000000001ef000-00000000001edfff 0x0004/0x0004 0x0020000
133f20.13b0: 00000000001f0000-ffffffff88f7ffff 0x0001/0x0000 0x0000000
134f20.13b0: *0000000077460000-0000000077460fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
135f20.13b0: 0000000077461000-000000007755efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
136f20.13b0: 000000007755f000-000000007758dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
137f20.13b0: 000000007758e000-0000000077595fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138f20.13b0: 0000000077596000-0000000077596fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
139f20.13b0: 0000000077597000-0000000077599fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
140f20.13b0: 000000007759a000-0000000077608fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
141f20.13b0: 0000000077609000-000000006fc31fff 0x0001/0x0000 0x0000000
142f20.13b0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
143f20.13b0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
144f20.13b0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
145f20.13b0: 000000007fff0000-ffffffffc0baffff 0x0001/0x0000 0x0000000
146f20.13b0: *000000013f430000-000000013f430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
147f20.13b0: 000000013f431000-000000013f4b5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
148f20.13b0: 000000013f4b6000-000000013f4b6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
149f20.13b0: 000000013f4b7000-000000013f4f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
150f20.13b0: 000000013f4f5000-000000013f4f5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
151f20.13b0: 000000013f4f6000-000000013f4f6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
152f20.13b0: 000000013f4f7000-000000013f4f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
153f20.13b0: 000000013f4f9000-000000013f4f9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
154f20.13b0: 000000013f4fa000-000000013f4fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
155f20.13b0: 000000013f4fb000-000000013f4fefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
156f20.13b0: 000000013f4ff000-000000013f537fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
157f20.13b0: 000000013f538000-fffff8037f2effff 0x0001/0x0000 0x0000000
158f20.13b0: *000007feff780000-000007feff780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
159f20.13b0: 000007feff781000-000007fdfef51fff 0x0001/0x0000 0x0000000
160f20.13b0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
161f20.13b0: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
162f20.13b0: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
163f20.13b0: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
164f20.13b0: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
165f20.13b0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
166f20.13b0: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
167f20.13b0: VirtualBox.exe: timestamp 0x559faaf3 (rc=VINF_SUCCESS)
168f20.13b0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
169f20.13b0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
170f20.13b0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
171f20.13b0: supR3HardNtChildPurify: Done after 545 ms and 0 fixes (loop #0).
172f20.13b0: supR3HardNtEnableThreadCreation:
1731244.1084: Log file opened: 4.3.30r101610 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
1741244.1084: supR3HardenedVmProcessInit: uNtDllAddr=0000000077460000
1751244.1084: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
1761244.1084: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1740800 allocation)
1771244.1084: System32: \Device\HarddiskVolume2\Windows\System32
1781244.1084: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1791244.1084: KnownDllPath: C:\Windows\system32
1801244.1084: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1811244.1084: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1821244.1084: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1831244.1084: Registered Dll notification callback with NTDLL.
1841244.1084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1851244.1084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1861244.1084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1871244.1084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1881244.1084: supR3HardenedDllNotificationCallback: load 0000000077240000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1891244.1084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1901244.1084: supR3HardenedDllNotificationCallback: load 000007fefd510000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1911244.1084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1921244.1084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1931244.1084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077240000 'C:\Windows\system32\kernel32.dll'
1941244.1084: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007748b780 pvNtTerminateThread=00000000774ae0e0
195f20.13b0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 28 ms.
1961244.1084: \SystemRoot\System32\ntdll.dll:
1971244.1084: CreationTime: 2015-06-11T12:45:59.533018300Z
1981244.1084: LastWriteTime: 2015-05-25T18:21:21.289963400Z
1991244.1084: ChangeTime: 2015-06-12T12:45:30.695642500Z
2001244.1084: FileAttributes: 0x20
2011244.1084: Size: 0x1a61c0
2021244.1084: NT Headers: 0xe0
2031244.1084: Timestamp: 0x556366f2
2041244.1084: Machine: 0x8664 - amd64
2051244.1084: Timestamp: 0x556366f2
2061244.1084: Image Version: 6.1
2071244.1084: SizeOfImage: 0x1a9000 (1740800)
2081244.1084: Resource Dir: 0x14d000 LB 0x5a028
2091244.1084: ProductName: Microsoft® Windows® Operating System
2101244.1084: ProductVersion: 6.1.7601.18869
2111244.1084: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
2121244.1084: FileDescription: NT Layer DLL
2131244.1084: \SystemRoot\System32\kernel32.dll:
2141244.1084: CreationTime: 2015-06-11T12:46:00.376066500Z
2151244.1084: LastWriteTime: 2015-05-25T18:19:02.585000000Z
2161244.1084: ChangeTime: 2015-06-12T12:45:32.708046000Z
2171244.1084: FileAttributes: 0x20
2181244.1084: Size: 0x11be00
2191244.1084: NT Headers: 0xe8
2201244.1084: Timestamp: 0x556366fc
2211244.1084: Machine: 0x8664 - amd64
2221244.1084: Timestamp: 0x556366fc
2231244.1084: Image Version: 6.1
2241244.1084: SizeOfImage: 0x11f000 (1175552)
2251244.1084: Resource Dir: 0x116000 LB 0x528
2261244.1084: ProductName: Microsoft® Windows® Operating System
2271244.1084: ProductVersion: 6.1.7601.18869
2281244.1084: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
2291244.1084: FileDescription: Windows NT BASE API Client DLL
2301244.1084: \SystemRoot\System32\KernelBase.dll:
2311244.1084: CreationTime: 2015-06-11T12:46:02.094164800Z
2321244.1084: LastWriteTime: 2015-05-25T18:19:02.585000000Z
2331244.1084: ChangeTime: 2015-06-12T12:45:32.723646100Z
2341244.1084: FileAttributes: 0x20
2351244.1084: Size: 0x67c00
2361244.1084: NT Headers: 0xe8
2371244.1084: Timestamp: 0x556366fd
2381244.1084: Machine: 0x8664 - amd64
2391244.1084: Timestamp: 0x556366fd
2401244.1084: Image Version: 6.1
2411244.1084: SizeOfImage: 0x6c000 (442368)
2421244.1084: Resource Dir: 0x6a000 LB 0x530
2431244.1084: ProductName: Microsoft® Windows® Operating System
2441244.1084: ProductVersion: 6.1.7601.18869
2451244.1084: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
2461244.1084: FileDescription: Windows NT BASE API Client DLL
2471244.1084: \SystemRoot\System32\apisetschema.dll:
2481244.1084: CreationTime: 2015-06-11T12:45:53.321663000Z
2491244.1084: LastWriteTime: 2015-05-25T18:11:40.254000000Z
2501244.1084: ChangeTime: 2015-06-12T12:45:30.446042100Z
2511244.1084: FileAttributes: 0x20
2521244.1084: Size: 0x1a00
2531244.1084: NT Headers: 0xc0
2541244.1084: Timestamp: 0x55636622
2551244.1084: Machine: 0x8664 - amd64
2561244.1084: Timestamp: 0x55636622
2571244.1084: Image Version: 6.1
2581244.1084: SizeOfImage: 0x50000 (327680)
2591244.1084: Resource Dir: 0x30000 LB 0x3f8
2601244.1084: ProductName: Microsoft® Windows® Operating System
2611244.1084: ProductVersion: 6.1.7601.18869
2621244.1084: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
2631244.1084: FileDescription: ApiSet Schema DLL
2641244.1084: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2651244.1084: supR3HardenedWinFindAdversaries: 0x400
2661244.1084: \SystemRoot\System32\drivers\MpFilter.sys:
2671244.1084: CreationTime: 2015-03-04T18:34:52.000000000Z
2681244.1084: LastWriteTime: 2015-03-04T18:34:52.000000000Z
2691244.1084: ChangeTime: 2015-05-13T13:14:21.556414300Z
2701244.1084: FileAttributes: 0x2020
2711244.1084: Size: 0x44738
2721244.1084: NT Headers: 0xf0
2731244.1084: Timestamp: 0x54efb880
2741244.1084: Machine: 0x8664 - amd64
2751244.1084: Timestamp: 0x54efb880
2761244.1084: Image Version: 6.3
2771244.1084: SizeOfImage: 0x44000 (278528)
2781244.1084: Resource Dir: 0x42000 LB 0xd50
2791244.1084: ProductName: Microsoft Malware Protection
2801244.1084: ProductVersion: 4.8.0200.0
2811244.1084: FileVersion: 4.8.0200.0
2821244.1084: FileDescription: Microsoft antimalware file system filter driver
2831244.1084: \SystemRoot\System32\drivers\NisDrvWFP.sys:
2841244.1084: CreationTime: 2014-03-11T08:52:30.000000000Z
2851244.1084: LastWriteTime: 2015-03-04T18:34:52.000000000Z
2861244.1084: ChangeTime: 2015-05-13T13:14:21.322413900Z
2871244.1084: FileAttributes: 0x2020
2881244.1084: Size: 0x1e698
2891244.1084: NT Headers: 0xf0
2901244.1084: Timestamp: 0x54efb8af
2911244.1084: Machine: 0x8664 - amd64
2921244.1084: Timestamp: 0x54efb8af
2931244.1084: Image Version: 6.3
2941244.1084: SizeOfImage: 0x1f000 (126976)
2951244.1084: Resource Dir: 0x1c000 LB 0x1b90
2961244.1084: ProductName: Microsoft Malware Protection
2971244.1084: ProductVersion: 4.8.0200.0
2981244.1084: FileVersion: 4.8.0200.0
2991244.1084: FileDescription: Microsoft Network Realtime Inspection Driver
3001244.1084: Calling main()
3011244.1084: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3021244.1084: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3031244.1084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3041244.1084: SUPR3HardenedMain: Respawn #2
3051244.1084: supR3HardNtEnableThreadCreation:
3061244.1084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
3071244.1084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3081244.1084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3091244.1084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3101244.1084: supR3HardenedDllNotificationCallback: load 000007fefd050000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
3111244.1084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3121244.1084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\apphelp.dll'
3131244.1084: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007748b780 pvNtTerminateThread=00000000774ae0e0
3141244.1084: supR3HardenedWinDoReSpawn(2): New child efc.14f4 [kernel32].
3151244.1084: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
3161244.1084: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077460000 uNtDllChildAddr=0000000077460000
3171244.1084: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007748b780
3181244.1084: supR3HardenedWinSetupChildInit: Start child.
3191244.1084: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
3201244.1084: supR3HardNtChildPurify: Startup delay kludge #1/0: 523 ms, 38 sleeps
3211244.1084: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3221244.1084: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3231244.1084: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3241244.1084: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3251244.1084: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3261244.1084: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3271244.1084: 0000000000041000-ffffffffffff1fff 0x0001/0x0000 0x0000000
3281244.1084: *0000000000090000-fffffffffff93fff 0x0000/0x0004 0x0020000
3291244.1084: 000000000018c000-0000000000188fff 0x0104/0x0004 0x0020000
3301244.1084: 000000000018f000-000000000018dfff 0x0004/0x0004 0x0020000
3311244.1084: 0000000000190000-ffffffff88ebffff 0x0001/0x0000 0x0000000
3321244.1084: *0000000077460000-0000000077460fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3331244.1084: 0000000077461000-000000007755efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3341244.1084: 000000007755f000-000000007758dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3351244.1084: 000000007758e000-0000000077595fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3361244.1084: 0000000077596000-0000000077596fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3371244.1084: 0000000077597000-0000000077599fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3381244.1084: 000000007759a000-0000000077608fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3391244.1084: 0000000077609000-000000006fc31fff 0x0001/0x0000 0x0000000
3401244.1084: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3411244.1084: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3421244.1084: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3431244.1084: 000000007fff0000-ffffffffc0baffff 0x0001/0x0000 0x0000000
3441244.1084: *000000013f430000-000000013f430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3451244.1084: 000000013f431000-000000013f4b5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3461244.1084: 000000013f4b6000-000000013f4b6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3471244.1084: 000000013f4b7000-000000013f4f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3481244.1084: 000000013f4f5000-000000013f4f5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3491244.1084: 000000013f4f6000-000000013f4f6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3501244.1084: 000000013f4f7000-000000013f4f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3511244.1084: 000000013f4f9000-000000013f4f9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3521244.1084: 000000013f4fa000-000000013f4fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3531244.1084: 000000013f4fb000-000000013f4fefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3541244.1084: 000000013f4ff000-000000013f537fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3551244.1084: 000000013f538000-fffff8037f2effff 0x0001/0x0000 0x0000000
3561244.1084: *000007feff780000-000007feff780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
3571244.1084: 000007feff781000-000007fdfef51fff 0x0001/0x0000 0x0000000
3581244.1084: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
3591244.1084: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
3601244.1084: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
3611244.1084: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
3621244.1084: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3631244.1084: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
3641244.1084: VirtualBox.exe: timestamp 0x559faaf3 (rc=VINF_SUCCESS)
3651244.1084: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3661244.1084: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3671244.1084: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3681244.1084: supR3HardNtChildPurify: Done after 539 ms and 0 fixes (loop #0).
369efc.14f4: Log file opened: 4.3.30r101610 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
370efc.14f4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077460000
371efc.14f4: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
372efc.14f4: New simple heap: #1 0000000000290000 LB 0x400000 (for 1740800 allocation)
3731244.1084: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
3741244.1084: supR3HardNtEnableThreadCreation:
375efc.14f4: System32: \Device\HarddiskVolume2\Windows\System32
376efc.14f4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
377efc.14f4: KnownDllPath: C:\Windows\system32
378efc.14f4: supR3HardenedVmProcessInit: Opening vboxdrv...
379efc.14f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
380efc.14f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
381efc.14f4: Registered Dll notification callback with NTDLL.
382efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
383efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
384efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
385efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
386efc.14f4: supR3HardenedDllNotificationCallback: load 0000000077240000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
387efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
388efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd510000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
389efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
390efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
391efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077240000 'C:\Windows\system32\kernel32.dll'
392efc.14f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007748b780 pvNtTerminateThread=00000000774ae0e0
3931244.1084: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
394efc.14f4: \SystemRoot\System32\ntdll.dll:
395efc.14f4: CreationTime: 2015-06-11T12:45:59.533018300Z
396efc.14f4: LastWriteTime: 2015-05-25T18:21:21.289963400Z
397efc.14f4: ChangeTime: 2015-06-12T12:45:30.695642500Z
398efc.14f4: FileAttributes: 0x20
399efc.14f4: Size: 0x1a61c0
400efc.14f4: NT Headers: 0xe0
401efc.14f4: Timestamp: 0x556366f2
402efc.14f4: Machine: 0x8664 - amd64
403efc.14f4: Timestamp: 0x556366f2
404efc.14f4: Image Version: 6.1
405efc.14f4: SizeOfImage: 0x1a9000 (1740800)
406efc.14f4: Resource Dir: 0x14d000 LB 0x5a028
407efc.14f4: ProductName: Microsoft® Windows® Operating System
408efc.14f4: ProductVersion: 6.1.7601.18869
409efc.14f4: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
410efc.14f4: FileDescription: NT Layer DLL
411efc.14f4: \SystemRoot\System32\kernel32.dll:
412efc.14f4: CreationTime: 2015-06-11T12:46:00.376066500Z
413efc.14f4: LastWriteTime: 2015-05-25T18:19:02.585000000Z
414efc.14f4: ChangeTime: 2015-06-12T12:45:32.708046000Z
415efc.14f4: FileAttributes: 0x20
416efc.14f4: Size: 0x11be00
417efc.14f4: NT Headers: 0xe8
418efc.14f4: Timestamp: 0x556366fc
419efc.14f4: Machine: 0x8664 - amd64
420efc.14f4: Timestamp: 0x556366fc
421efc.14f4: Image Version: 6.1
422efc.14f4: SizeOfImage: 0x11f000 (1175552)
423efc.14f4: Resource Dir: 0x116000 LB 0x528
424efc.14f4: ProductName: Microsoft® Windows® Operating System
425efc.14f4: ProductVersion: 6.1.7601.18869
426efc.14f4: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
427efc.14f4: FileDescription: Windows NT BASE API Client DLL
428efc.14f4: \SystemRoot\System32\KernelBase.dll:
429efc.14f4: CreationTime: 2015-06-11T12:46:02.094164800Z
430efc.14f4: LastWriteTime: 2015-05-25T18:19:02.585000000Z
431efc.14f4: ChangeTime: 2015-06-12T12:45:32.723646100Z
432efc.14f4: FileAttributes: 0x20
433efc.14f4: Size: 0x67c00
434efc.14f4: NT Headers: 0xe8
435efc.14f4: Timestamp: 0x556366fd
436efc.14f4: Machine: 0x8664 - amd64
437efc.14f4: Timestamp: 0x556366fd
438efc.14f4: Image Version: 6.1
439efc.14f4: SizeOfImage: 0x6c000 (442368)
440efc.14f4: Resource Dir: 0x6a000 LB 0x530
441efc.14f4: ProductName: Microsoft® Windows® Operating System
442efc.14f4: ProductVersion: 6.1.7601.18869
443efc.14f4: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
444efc.14f4: FileDescription: Windows NT BASE API Client DLL
445efc.14f4: \SystemRoot\System32\apisetschema.dll:
446efc.14f4: CreationTime: 2015-06-11T12:45:53.321663000Z
447efc.14f4: LastWriteTime: 2015-05-25T18:11:40.254000000Z
448efc.14f4: ChangeTime: 2015-06-12T12:45:30.446042100Z
449efc.14f4: FileAttributes: 0x20
450efc.14f4: Size: 0x1a00
451efc.14f4: NT Headers: 0xc0
452efc.14f4: Timestamp: 0x55636622
453efc.14f4: Machine: 0x8664 - amd64
454efc.14f4: Timestamp: 0x55636622
455efc.14f4: Image Version: 6.1
456efc.14f4: SizeOfImage: 0x50000 (327680)
457efc.14f4: Resource Dir: 0x30000 LB 0x3f8
458efc.14f4: ProductName: Microsoft® Windows® Operating System
459efc.14f4: ProductVersion: 6.1.7601.18869
460efc.14f4: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
461efc.14f4: FileDescription: ApiSet Schema DLL
462efc.14f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
463efc.14f4: supR3HardenedWinFindAdversaries: 0x400
464efc.14f4: \SystemRoot\System32\drivers\MpFilter.sys:
465efc.14f4: CreationTime: 2015-03-04T18:34:52.000000000Z
466efc.14f4: LastWriteTime: 2015-03-04T18:34:52.000000000Z
467efc.14f4: ChangeTime: 2015-05-13T13:14:21.556414300Z
468efc.14f4: FileAttributes: 0x2020
469efc.14f4: Size: 0x44738
470efc.14f4: NT Headers: 0xf0
471efc.14f4: Timestamp: 0x54efb880
472efc.14f4: Machine: 0x8664 - amd64
473efc.14f4: Timestamp: 0x54efb880
474efc.14f4: Image Version: 6.3
475efc.14f4: SizeOfImage: 0x44000 (278528)
476efc.14f4: Resource Dir: 0x42000 LB 0xd50
477efc.14f4: ProductName: Microsoft Malware Protection
478efc.14f4: ProductVersion: 4.8.0200.0
479efc.14f4: FileVersion: 4.8.0200.0
480efc.14f4: FileDescription: Microsoft antimalware file system filter driver
481efc.14f4: \SystemRoot\System32\drivers\NisDrvWFP.sys:
482efc.14f4: CreationTime: 2014-03-11T08:52:30.000000000Z
483efc.14f4: LastWriteTime: 2015-03-04T18:34:52.000000000Z
484efc.14f4: ChangeTime: 2015-05-13T13:14:21.322413900Z
485efc.14f4: FileAttributes: 0x2020
486efc.14f4: Size: 0x1e698
487efc.14f4: NT Headers: 0xf0
488efc.14f4: Timestamp: 0x54efb8af
489efc.14f4: Machine: 0x8664 - amd64
490efc.14f4: Timestamp: 0x54efb8af
491efc.14f4: Image Version: 6.3
492efc.14f4: SizeOfImage: 0x1f000 (126976)
493efc.14f4: Resource Dir: 0x1c000 LB 0x1b90
494efc.14f4: ProductName: Microsoft Malware Protection
495efc.14f4: ProductVersion: 4.8.0200.0
496efc.14f4: FileVersion: 4.8.0200.0
497efc.14f4: FileDescription: Microsoft Network Realtime Inspection Driver
498efc.14f4: Calling main()
499efc.14f4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
500efc.14f4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
501efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
502efc.14f4: SUPR3HardenedMain: Final process, opening VBoxDrv...
503efc.14f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
504efc.14f4: supR3HardNtEnableThreadCreation:
505efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
506efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
507efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4640:C:\Windows\system32 [calling]
508efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
509efc.14f4: supR3HardenedDllNotificationCallback: load 000007feebb60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
510efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
511efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
512efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
513efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebb60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
514efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
515efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
516efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebb60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
517efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebb60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
518efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
519efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
520efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
521efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
522efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
523efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
524efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
525efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
526efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
527efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
528efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
529efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
530efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
531efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
532efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
533efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
534efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
535efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
536efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
537efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
538efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
539efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
540efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
541efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
542efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
543efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
544efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
545efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
546efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
547efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
548efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4640:C:\Windows\system32 [calling]
549efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
550efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd3f0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
551efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
552efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd9c0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
553efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
554efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd230000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
555efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
556efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd220000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
557efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
558efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefdd50000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
559efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
560efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3f0000 'C:\Windows\system32\Wintrust.dll'
561efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
562efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
563efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000729c10:C:\Windows\system32 [calling]
564efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
565efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefcba0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
566efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
567efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcba0000 'C:\Windows\system32\bcrypt.dll'
568efc.14f4: bcrypt.dll loaded at 000007fefcba0000, BCryptOpenAlgorithmProvider at 000007fefcba2640, preloading providers:
569efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
570efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
571efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
572efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
573efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
574efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
575efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
576efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
577efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
578efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
579efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
580efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
581efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
582efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
583efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
584efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
585efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
586efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
587efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
588efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
589efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
590efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefc690000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
591efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
592efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe400000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
593efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
594efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
595efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
596efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
597efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
598efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe810000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
599efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
600efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc690000 'C:\Windows\system32\bcryptprimitives.dll'
601efc.14f4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000072b2f0)
602efc.14f4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000072e1b0)
603efc.14f4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000072e2d0)
604efc.14f4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000072e4e0)
605efc.14f4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000072e600)
606efc.14f4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000072e720)
607efc.14f4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000072e960)
608efc.14f4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000072ea80)
609efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
610efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
611efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
612efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
613efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
614efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
615efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
616efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
617efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
618efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
619efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefca50000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
620efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
621efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\CRYPTSP.dll'
622efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
623efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
624efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
625efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
626efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
627efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
628efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
629efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
630efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefc750000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
631efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
632efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc750000 'C:\Windows\system32\rsaenh.dll'
633efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
634efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
635efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe400000 'C:\Windows\system32\ADVAPI32.dll'
636efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
637efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
638efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
639efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
640efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
641efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
642efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\CRYPTBASE.dll'
643efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
644efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
645efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077240000 'C:\Windows\system32\kernel32.dll'
646efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
647efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
648efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3f0000 'C:\Windows\system32\WINTRUST.DLL'
649efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
650efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
651efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd230000 'C:\Windows\system32\CRYPT32.dll'
652efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
653efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
654efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
655efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
656efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
657efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
658efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
659efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
660efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
661efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
662efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
663efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
664efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe4e0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
665efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
666efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4e0000 'C:\Windows\system32\imagehlp.dll'
667efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
668efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
669efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\CRYPTSP.dll'
670efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
671efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
672efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
673efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
674efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
675efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
676efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
677efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
678efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
679efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
680efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
681efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
682efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
683efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
684efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
685efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
686efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
687efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
688efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
689efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
690efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
691efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
692efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
693efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
694efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
695efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
696efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
697efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
698efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
699efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
700efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
701efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
702efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
703efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
704efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
705efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
706efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
707efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
708efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
709efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
710efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
711efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
712efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
713efc.14f4: supR3HardenedDllNotificationCallback: load 0000000077360000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
714efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
715efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe830000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
716efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
717efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd950000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
718efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
719efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd6f0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
720efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
721efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
722efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
723efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe830000 'C:\Windows\system32\gdi32.dll'
724efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
725efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
726efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
727efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
728efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
729efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
730efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
731efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
732efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
733efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
734efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
735efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
736efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
737efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
738efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
739efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
740efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
741efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
742efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
743efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
744efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
745efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
746efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
747efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
748efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
749efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
750efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
751efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
752efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
753efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
754efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
755efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
756efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
757efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe8a0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
758efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
759efc.14f4: supR3HardenedDllNotificationCallback: load 000007feff660000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
760efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
761efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8a0000 'C:\Windows\system32\IMM32.DLL'
762efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077360000 'C:\Windows\system32\USER32.dll'
763efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
764efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
765efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
766efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
767efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
768efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
769efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
770efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
771efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
772efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
773efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
774efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
775efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
776efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
777efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
778efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
779efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefcbd0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
780efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
781efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbd0000 'C:\Windows\system32\ncrypt.dll'
782efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
783efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
784efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcba0000 'C:\Windows\system32\bcrypt.dll'
785efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
786efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
787efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
788efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
789efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
790efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
791efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
792efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
793efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
794efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
795efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
796efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
797efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
798efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
799efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
800efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
801efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
802efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
803efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
804efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
805efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
806efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd440000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
807efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
808efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd210000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
809efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
810efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd440000 'C:\Windows\system32\USERENV.dll'
811efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
812efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
813efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
814efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
815efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
816efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
817efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
818efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
819efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
820efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
821efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
822efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
823efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
824efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
825efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
826efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
827efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefbf90000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
828efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
829efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\Windows\system32\GPAPI.dll'
830efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
831efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-WIN-Service-Management-L1-1-0.dll'
832efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
833efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
834efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd50000 'C:\Windows\system32\rpcrt4.dll'
835efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
836efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-WIN-Service-Management-L2-1-0.dll'
837efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
838efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
839efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
840efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
841efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
842efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
843efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
844efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
845efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
846efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
847efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
848efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
849efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
850efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
851efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
852efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
853efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
854efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
855efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
856efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
857efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
858efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
859efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
860efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
861efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
862efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
863efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
864efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef8520000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
865efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
866efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd960000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
867efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
868efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
869efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
870efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
871efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
872efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
873efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
874efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
875efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
876efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
877efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
878efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
879efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
880efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
881efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
882efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
883efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
884efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
885efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
886efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
887efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
888efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
889efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
890efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
891efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
892efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
893efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
894efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
895efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
896efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
897efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
898efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
899efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
900efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
901efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
902efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
903efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\profapi.dll'
904efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
905efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
906efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
907efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
908efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
909efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
910efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
911efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
912efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
913efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
914efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
915efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
916efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
917efc.14f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
918efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
919efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
920efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe500000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
921efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
922efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\SHLWAPI.dll'
923efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
924efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000072b210
925efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
926efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EDC3F71C5551972E1510D1BCC6D436D5B6B426E8
927efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
928efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
929efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
930efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-WIN-Service-Management-L1-1-0.dll'
931efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
932efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
933efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
934efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
935efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe400000 'C:\Windows\system32\ADVAPI32.dll'
936efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
937efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
938efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
939efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
940efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
941efc.14f4: g_pfnWinVerifyTrust=000007fefd3f1010
942efc.14f4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
943efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
944efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
945efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
946efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
947efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
948efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
949efc.14f4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
950efc.14f4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
951efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
952efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
953efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
954efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
955efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
956efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
957efc.14f4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
958efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
959efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
960efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
961efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
962efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
963efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
964efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
965efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
966efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
967efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
968efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
969efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
970efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
971efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
972efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
973efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
974efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
975efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
976efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
977efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
978efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
979efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
980efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
981efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
982efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
983efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
984efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
985efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
986efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
987efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
988efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
989efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
990efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
991efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
992efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
993efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
994efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
995efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
996efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
997efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
998efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
999efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1000efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1001efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1002efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1003efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=327561BCBADC135831FD13C5C67C5E26F4E2B805
1004efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1005efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1006efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1007efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1008efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1009efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1010efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1011efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1012efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1013efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1014efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1015efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1016efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1017efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1018efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1019efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1020efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1021efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1022efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1023efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1024efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1025efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1026efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1027efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1028efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1029efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1030efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1031efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF72C9DFDFB7D1CBA26FE4829B56F7B244C8A875
1032efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3079904~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1033efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1034efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1035efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1036efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1037efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1038efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB178841F5FFC6B05E668168217B0AC222A62955
1039efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1040efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1041efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1042efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1043efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1044efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1045efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1046efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1047efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1048efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1049efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1050efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1051efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1052efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1053efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1054efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1055efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1056efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1057efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1058efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1059efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=950A18CED6C5D5CAB1335676119FFFE11307EF04
1060efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1061efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1062efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1063efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1064efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1065efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1066efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1067efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1068efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1069efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1070efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1071efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1072efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1073efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1074efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
1075efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1076efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1077efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1078efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1079efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1080efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1081efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9BBB1FC4DED54F17702B287B63F8FE24EE5D7844
1082efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1083efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1084efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1085efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1086efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1087efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1088efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1089efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1090efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1091efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1092efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1093efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1094efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1095efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1096efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1097efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1098efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1099efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1100efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1101efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1102efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1103efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1104efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1105efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1106efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1107efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1108efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1109efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1110efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E38DB7758ACD985E98AD6101CED724203843D038
1111efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1112efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1113efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1114efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1115efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1116efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1117efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1118efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FD34F960ED54F1FB26E76A32FB91273E3093869E
1119efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1120efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1121efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1122efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1123efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1124efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1125efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C47BBB61CB0D4D781B3BEC602422D40A0784762
1126efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1127efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1128efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1129efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1130efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000790f90:C:\Windows\system32 [calling]
1131efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd230000 'C:\Windows\system32\crypt32.dll'
1132efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1133efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1134efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1135efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1136efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1137efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1138efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1139efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1140efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1141efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1142efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1143efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1144efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1145efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1146efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1147efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1148efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1149efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1150efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1151efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1152efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1153efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1154efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1155efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1156efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1157efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1158efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1159efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1160efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1161efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1162efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1163efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1164efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1165efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1166efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1167efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1168efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1169efc.14f4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1170efc.14f4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=38
1171efc.14f4: SUPR3HardenedMain: Load Runtime...
1172efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1173efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1174efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1175efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1176efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1177efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1178efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1179efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1180efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1181efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1182efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1183efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000410 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1184efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1185efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1186efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1187efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1188efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1189efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1190efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1191efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1192efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1193efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1194efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1195efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1196efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1197efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1198efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1199efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1200efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1201efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1202efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1203efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1204efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1205efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1206efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1207efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1208efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1209efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1210efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1211efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1212efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1213efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1214efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
1215efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1216efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1217efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1218efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1219efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1220efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1221efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1222efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1223efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1224efc.14f4: supR3HardenedDllNotificationCallback: load 000007fee7770000 LB 0x00537000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1225efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1226efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1227efc.14f4: supR3HardenedDllNotificationCallback: load 00000000707a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1228efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1229efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1230efc.14f4: supR3HardenedDllNotificationCallback: load 0000000070700000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1231efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1232efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe0e0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1233efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1234efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe620000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1235efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1236efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1237efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
1238efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1239efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1240efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
1241efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1242efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1243efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
1244efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1245efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1246efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
1247efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1248efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1249efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
1250efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1251efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1252efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
1253efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1254efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1255efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1256efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1257efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1259efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1260efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1261efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1262efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
1263efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1264efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1265efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1266efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1267efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1268efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1269efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1270efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1271efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1272efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1273efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1274efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1275efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1276efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1277efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1278efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1279efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1280efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006e4ed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Lenovo\Password Manager\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\Skype\Phone\;C:\Windows\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin [calling]
1281efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1282efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1283efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1284efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1285efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1286efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000752c20:C:\Windows\system32 [calling]
1287efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3f0000 'C:\Windows\system32\Wintrust.dll'
1288efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1289efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000752c20:C:\Windows\system32 [calling]
1290efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd230000 'C:\Windows\system32\crypt32.dll'
1291efc.14f4: SUPR3HardenedMain: Load TrustedMain...
1292efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1293efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1294efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1295efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1296efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1297efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1298efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1299efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1300efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1301efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1302efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1303efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1304efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1305efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1306efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1307efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1308efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1309efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1310efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1311efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1312efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1313efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1314efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1315efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1316efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1317efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1318efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1319efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1320efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1321efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1322efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1323efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1324efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1325efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1326efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1327efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1328efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1329efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1330efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1331efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1332efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1333efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1334efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1335efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1336efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1337efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1338efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1339efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1340efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1341efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1342efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1343efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1344efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1345efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1346efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1347efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1348efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1349efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1350efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1351efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1352efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1353efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1354efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1355efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1356efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1357efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1358efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
1359efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1360efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1361efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1362efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1363efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1364efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1365efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1366efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1367efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1368efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1369efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1370efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1371efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1372efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ED534A13973A0F8A98CD4EDC6CBC56E0448E994
1373efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3039066~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1374efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1375efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1376efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1377efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1378efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1379efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
1380efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1381efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1382efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1383efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1384efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1385efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1386efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1387efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1388efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1389efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1390efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1391efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1392efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1393efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1394efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1395efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1396efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1397efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1398efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1399efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1400efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1401efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1402efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1403efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1404efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1405efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1406efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1407efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1408efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1409efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1410efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1411efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1412efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1413efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1414efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1415efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1416efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1417efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1418efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1419efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1420efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1421efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1422efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1423efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1424efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1425efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1426efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1427efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1428efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1429efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1430efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1431efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1432efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1433efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1434efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1435efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1436efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1437efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1438efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1439efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1440efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1441efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1442efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1443efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1444efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1445efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1446efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1447efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1448efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1449efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1450efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1451efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1452efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1453efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1454efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1455efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
1456efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1457efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1458efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1459efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1460efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1461efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1462efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1463efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1464efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1465efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1466efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1467efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1468efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1469efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1470efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1471efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1472efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1473efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
1474efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1475efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1476efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1477efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1478efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1479efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1480efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1481efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1482efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1483efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1484efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1485efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1486efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
1487efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1488efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1489efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1490efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1491efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1492efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1493efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1494efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1495efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1496efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1497efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1498efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1499efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1500efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1501efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1502efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1503efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1504efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1505efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1506efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1507efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1508efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1509efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1510efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1511efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1512efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1513efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1514efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1515efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1516efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1517efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1518efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1519efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1520efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1521efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1522efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1523efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1524efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1525efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1526efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1527efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1528efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1529efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1530efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1531efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1532efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1533efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1534efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1535efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1536efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1537efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1538efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1539efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1540efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1541efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1542efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
1543efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1544efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1545efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1546efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1547efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1548efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1549efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1550efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1551efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1552efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1553efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1554efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1555efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1556efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1557efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1558efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1559efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1560efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1561efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1562efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1563efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1564efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1565efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1566efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1567efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1568efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1569efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1570efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1571efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1572efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1573efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1574efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1575efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1576efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1577efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1578efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1579efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1580efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1581efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1582efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1583efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1584efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1585efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1586efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1587efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1588efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1589efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1590efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1591efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1592efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1593efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1594efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1595efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1596efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1597efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1598efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1599efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1600efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1601efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1602efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1603efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1604efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1605efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1606efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1607efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1608efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1609efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1610efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1611efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1612efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1613efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1614efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1615efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1616efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1617efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1618efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1619efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1620efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1621efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1622efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1623efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1624efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1625efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1626efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
1627efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1628efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1629efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1630efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1631efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1632efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1633efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1634efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1635efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1636efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1637efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1638efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1639efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1640efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1641efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1642efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1643efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1644efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1645efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1646efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1647efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1648efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1649efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1650efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1651efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1652efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1653efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1654efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1655efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1656efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1657efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1658efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1659efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1660efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1661efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1662efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1663efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1664efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1665efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1666efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C408F88301F22BE596490B4A80BD2E09034763B4
1667efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3048761~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1668efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1669efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1670efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1671efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1672efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
1673efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1674efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1675efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1676efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1677efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1678efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1679efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1680efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1681efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1682efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1683efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1684efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1685efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1686efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1687efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1688efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1689efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
1690efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1691efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1692efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1693efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1694efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1695efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1696efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1697efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1698efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8C9D8A0CA28E607D6CBDB572E9C7896DA20280E0
1699efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3079904~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1700efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1701efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1702efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1703efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1704efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
1705efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1706efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1707efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1708efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1709efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1710efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1711efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1712efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1713efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1714efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1715efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1716efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1717efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1718efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1719efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1720efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1721efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1722efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1723efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1724efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1725efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1726efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
1727efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1728efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1729efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1730efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1731efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1732efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1733efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1734efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1735efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1736efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1737efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1738efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1739efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1740efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1741efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1742efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1743efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1744efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1745efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1746efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1747efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1748efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1749efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1750efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
1751efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1752efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1753efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1754efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1755efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1756efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1757efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1758efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1759efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1760efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1761efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1762efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1763efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1764efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1765efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1766efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1767efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1768efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1769efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1770efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1771efc.14f4: supR3HardenedDllNotificationCallback: load 000007fee6ef0000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1772efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1773efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1774efc.14f4: supR3HardenedDllNotificationCallback: load 000007fee6dd0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1775efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1776efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1777efc.14f4: supR3HardenedDllNotificationCallback: load 000007feeba10000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1778efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1779efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1780efc.14f4: supR3HardenedDllNotificationCallback: load 000007fee6cd0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1781efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1782efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1783efc.14f4: supR3HardenedDllNotificationCallback: load 000007feebb50000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1784efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1785efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe630000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1786efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1787efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd3b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1788efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1789efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefda60000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1790efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1791efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefdb40000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1792efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1793efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd580000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1794efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1795efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1796efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefb410000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1797efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1798efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1799efc.14f4: supR3HardenedDllNotificationCallback: load 000000006ee50000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1800efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1801efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1802efc.14f4: supR3HardenedDllNotificationCallback: load 000000006c410000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1803efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1804efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd650000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1805efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1806efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1807efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1808efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1809efc.14f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1810efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1811efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef4320000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1812efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1813efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe8d0000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1814efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1815efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1816efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef9c10000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1817efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1818efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1819efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef45e0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1820efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1821efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1822efc.14f4: supR3HardenedDllNotificationCallback: load 00000000705f0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1823efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1824efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1825efc.14f4: supR3HardenedDllNotificationCallback: load 000000006ed70000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1826efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1827efc.14f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1828efc.14f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1829efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1830efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1831efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1832efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1833efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1834efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1835efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1836efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bf70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1837efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8a0000 'C:\Windows\system32\imm32.dll'
1838efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6ef0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1839efc.14f4: SUPR3HardenedMain: Calling TrustedMain (000007fee6ef1ca0)...
1840efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1841efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1842efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
1843efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000594 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1844efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1845efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1846efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1847efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1848efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1849efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1850efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1851efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1852efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
1853efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1854efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1855efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1856efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1857efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1858efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1859efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1860efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9530:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1861efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1862efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefb650000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1863efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1864efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\uxtheme.dll'
1865efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1866efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9530:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1867efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\uxtheme.dll'
1868efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1869efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9740:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1870efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\uxtheme.dll'
1871efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1872efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9740:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1873efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\uxtheme.dll'
1874efc.14f4: \Device\HarddiskVolume2\Program Files\Lenovo\Password Manager\tvtpwm_windows_hook_x64.dll: Owner is administrators group.
1875efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1876efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
1877efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wintrust.dll'.
1878efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1879efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1880efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Lenovo\Password Manager\tvtpwm_windows_hook_x64.dll)WinVerifyTrust
1881efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Lenovo\Password Manager\tvtpwm_windows_hook_x64.dll
1882efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1883efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1884efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1885efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1886efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wintrust.dll'...
1887efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wintrust.dll' -> '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' [rcNtRedir=0xc0150008]
1888efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1889efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1890efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1891efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1892efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1893efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1894efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Lenovo\Password Manager\tvtpwm_windows_hook_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030cfdf0:C:\Program Files\Lenovo\Password Manager;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1895efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Lenovo\Password Manager\tvtpwm_windows_hook_x64.dll
1896efc.14f4: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x000a7000 C:\Program Files\Lenovo\Password Manager\tvtpwm_windows_hook_x64.dll [fFlags=0x0]
1897efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Lenovo\Password Manager\tvtpwm_windows_hook_x64.dll
1898efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000180000000 'C:\Program Files\Lenovo\Password Manager\tvtpwm_windows_hook_x64.dll'
1899efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1900efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1901efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\Windows\system32\dwmapi.dll'
1902efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1903efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1904efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\CRYPTBASE.dll'
1905efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1906efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1907efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\shell32.dll'
1908efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1909efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1910efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077240000 'C:\Windows\system32\kernel32.dll'
1911efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1912efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1913efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\uxtheme.dll'
1914efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1915efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1916efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\uxtheme.dll'
1917efc.14f4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1918efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1919efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1920efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077360000 'C:\Windows\system32\user32.dll'
1921efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1922efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1923efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\uxtheme.dll'
1924efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077360000 'C:\Windows\system32\user32.dll'
1925efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe400000 'C:\Windows\system32\advapi32.dll'
1926efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1927efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1928efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd440000 'C:\Windows\system32\userenv.dll'
1929efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1930efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1931efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077240000 'C:\Windows\system32\kernel32.dll'
1932efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ec pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1933efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1934efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1935efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
1936efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1937efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1938efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1939efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1940efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1941efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1942efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1943efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1944efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
1945efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1946efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1947efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1948efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1949efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1950efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1951efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1952efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1953efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1954efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1955efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1956efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1957efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1958efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1959efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1960efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1961efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075bca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1962efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1963efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefe580000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
1964efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1965efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe580000 'C:\Windows\system32\CLBCatQ.DLL'
1966efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1967efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075c510:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1968efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe400000 'C:\Windows\system32\ADVAPI32.dll'
1969efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1970efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075c510:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1971efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\CRYPTSP.dll'
1972efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000060c pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1973efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1974efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1975efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
1976efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
1977efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1978efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1979efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
1980efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1981efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1982efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1983efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075c510:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1984efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1985efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd160000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
1986efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1987efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd160000 'C:\Windows\system32\RpcRtRemote.dll'
1988efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1989efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9950:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1990efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\oleaut32.dll'
1991efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000634 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
1992efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
1993efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
1994efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
1995efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
1996efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1997efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)WinVerifyTrust
1998efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
1999efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075c7e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2000efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2001efc.14f4: supR3HardenedDllNotificationCallback: load 000007fefd0c0000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
2002efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2003efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\SXS.DLL'
2004efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe400000 'C:\Windows\system32\ADVAPI32.dll'
2005efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2006efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075cb40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2007efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\OLEAUT32.dll'
2008efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe400000 'C:\Windows\system32\ADVAPI32.dll'
2009efc.14f4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2010efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003181e90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2011efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2012efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe830000 'C:\Windows\system32\gdi32.dll'
2013efc.1608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2014efc.1608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2015efc.1608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2016efc.1608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2017efc.1608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2018efc.1608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2019efc.1608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2020efc.1608: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
2021efc.1608: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2022efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2023efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2024efc.1608: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2025efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2026efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2027efc.1608: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2028efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2029efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2030efc.1608: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2031efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2032efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2033efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2034efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2035efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2036efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2037efc.1608: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2038efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2039efc.1608: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2040efc.1608: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007885e0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2041efc.1608: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2042efc.1608: supR3HardenedDllNotificationCallback: load 000007fee6060000 LB 0x004f9000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2043efc.1608: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2044efc.1608: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6060000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2045efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2046efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003183c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2047efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077360000 'C:\Windows\system32\user32.dll'
2048efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2049efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075c870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2050efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\shell32.dll'
2051efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2052efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000075c870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2053efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb40000 'C:\Windows\system32\ole32.dll'
2054efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2055efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031841f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2056efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb40000 'C:\Windows\system32\ole32.dll'
2057efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2058efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031841f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2059efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\OLEAUT32.dll'
2060efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009b4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2061efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2062efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2063efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2064efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2065efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2066efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2067efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2068efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2069efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2070efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2071efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2072efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
2073efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2074efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2075efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2076efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2077efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2078efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2079efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2080efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2081efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2082efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2083efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2084efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2085efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009bc pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2086efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2087efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2088efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2089efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2090efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2091efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2092efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2093efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2094efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2095efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2096efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
2097efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2098efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2099efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2100efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2101efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2102efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2103efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2104efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2105efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2106efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2107efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2108efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2109efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2110efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2111efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000005f0c10:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2112efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2113efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef8620000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2114efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2115efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2116efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef8590000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2117efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2118efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8620000 'C:\Windows\system32\wbem\wbemprox.dll'
2119efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2120efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2121efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2122efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2123efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2124efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2125efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2126efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2127efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
2128efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2129efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2130efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2131efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2132efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2133efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000005f0c10:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2134efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2135efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef3b00000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2136efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2137efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3b00000 'C:\Windows\system32\wbem\wbemsvc.dll'
2138efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2139efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2140efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2141efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2142efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2143efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2144efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2145efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2146efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2147efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2148efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2149efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2150efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
2151efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2152efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2153efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2154efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009cc pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2155efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2156efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2157efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2158efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2159efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2160efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2161efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2162efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2163efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll)WinVerifyTrust
2164efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2165efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2166efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2167efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2168efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2169efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2170efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2171efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2172efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2173efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2174efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2175efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2176efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2177efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2178efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2179efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2180efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2181efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2182efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2183efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2184efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000005f0c10:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2185efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2186efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef3cf0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2187efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2188efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2189efc.14f4: supR3HardenedDllNotificationCallback: load 000007fef3cc0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2190efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2191efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3cf0000 'C:\Windows\system32\wbem\fastprox.dll'
2192efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\OLEAUT32.dll'
2193efc.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2194efc.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2195efc.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2196efc.1434: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
2197efc.1434: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2198efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2199efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2200efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2201efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2202efc.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2203efc.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2204efc.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2205efc.1434: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
2206efc.1434: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2207efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2208efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2209efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2210efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2211efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2212efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2213efc.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2214efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2215efc.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2216efc.1434: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2217efc.1434: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2218efc.1434: supR3HardenedDllNotificationCallback: load 000007fee5450000 LB 0x00262000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2219efc.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2220efc.1434: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2221efc.1434: supR3HardenedDllNotificationCallback: load 000000006bfb0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2222efc.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2223efc.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2224efc.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2225efc.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2226efc.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2227efc.1720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2228efc.1720: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
2229efc.1720: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2230efc.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2231efc.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2232efc.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2233efc.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2234efc.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2235efc.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2236efc.1720: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2237efc.1720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2238efc.1720: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2239efc.1720: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2240efc.1720: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2241efc.1720: supR3HardenedDllNotificationCallback: load 000007feed870000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2242efc.1720: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2243efc.1720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed870000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2244efc.170c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2245efc.170c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2246efc.170c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
2247efc.170c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2248efc.170c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2249efc.170c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2250efc.170c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2251efc.170c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2252efc.170c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2253efc.170c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2254efc.170c: supR3HardenedDllNotificationCallback: load 000007feed860000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2255efc.170c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2256efc.170c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed860000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2257efc.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2258efc.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2259efc.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2260efc.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
2261efc.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2262efc.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2263efc.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2264efc.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2265efc.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2266efc.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2267efc.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2268efc.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2269efc.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2270efc.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2271efc.1710: supR3HardenedDllNotificationCallback: load 000007feed400000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2272efc.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2273efc.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2274efc.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2275efc.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2276efc.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2277efc.16f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
2278efc.16f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2279efc.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2280efc.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2281efc.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2282efc.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2283efc.16f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2284efc.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2285efc.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2286efc.16f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2287efc.16f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2288efc.16f8: supR3HardenedDllNotificationCallback: load 000007feed3f0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2289efc.16f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2290efc.16f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2291efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2292efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2293efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2294efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32/Shell32.dll'
2295efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb40000 'C:\Windows\system32\ole32.dll'
2296efc.638: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2297efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2298efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2299efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2300efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\profapi.dll'
2301efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2302efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2303efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2304efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2305efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2306efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2307efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2308efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2309efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2310efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2311efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
2312efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2313efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2314efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2315efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd0 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2316efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2317efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2318efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2319efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2320efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2321efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2322efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2323efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2324efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2325efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
2326efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2327efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2328efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2329efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2330efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2331efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2332efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2333efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2334efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2335efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2336efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2337efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2338efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2339efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2340efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2341efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2342efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
2343efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2344efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2345efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2346efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2347efc.f94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\OLEAUT32.dll'
2348efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2349efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2350efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2351efc.cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2352efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2353efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2354efc.cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2355efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2356efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2357efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2358efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2359efc.cc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000694 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2360efc.cc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2361efc.cc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2362efc.cc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2363efc.cc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2364efc.cc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2365efc.cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2366efc.cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2367efc.cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2368efc.cc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)WinVerifyTrust
2369efc.cc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2370efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2371efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2372efc.cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2373efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2374efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2375efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2376efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2377efc.cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2378efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2379efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2380efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2381efc.cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2382efc.cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\OLEAUT32.dll'
2383efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2384efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2385efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2386efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2387efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2388efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2389efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
2390efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2391efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2392efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2393efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2394efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2395efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2396efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2397efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2398efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2399efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2400efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2401efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2402efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000069c pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
2403efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2404efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2405efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
2406efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
2407efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2408efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2409efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2410efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2411efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2412efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2413efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2414efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2415efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust
2416efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
2417efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2418efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2419efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2420efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2421efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2422efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2423efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2424efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2425efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2426efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2427efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2428efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2429efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2430efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2431efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2432efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2433efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2434efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2435efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2436efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2437efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2438efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2439efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2440efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2441efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2442efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2443efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2444efc.638: supR3HardenedDllNotificationCallback: load 000007fee4460000 LB 0x008d2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2445efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2446efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2447efc.638: supR3HardenedDllNotificationCallback: load 000007fee6c00000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2448efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2449efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2450efc.638: supR3HardenedDllNotificationCallback: load 000007fee6c70000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
2451efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2452efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2453efc.638: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2454efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2455efc.638: supR3HardenedDllNotificationCallback: load 000007fefbfb0000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2456efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2457efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2458efc.638: supR3HardenedDllNotificationCallback: load 000007fee67c0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2459efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2460efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2461efc.638: supR3HardenedDllNotificationCallback: load 000007fef9c80000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2462efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2463efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2464efc.638: supR3HardenedDllNotificationCallback: load 000007fef9290000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2465efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2466efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4460000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2467efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a0 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2468efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2469efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2470efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2471efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2472efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2473efc.638: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2474efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2475efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2476efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2477efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e9d50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2478efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2479efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6060000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2480efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2481efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e9d50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2482efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2483efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee67c0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2484efc.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2485efc.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2486efc.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2487efc.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
2488efc.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2489efc.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2490efc.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2491efc.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2492efc.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2493efc.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2494efc.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2495efc.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2496efc.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2497efc.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2498efc.e60: supR3HardenedDllNotificationCallback: load 000007feed3e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2499efc.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2500efc.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2501efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca0 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2502efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2503efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2504efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2505efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2506efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2507efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2508efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2509efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2510efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2511efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2512efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2513efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll)WinVerifyTrust
2514efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2515efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2516efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2517efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca4 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
2518efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2519efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2520efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2521efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
2522efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2523efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2524efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2525efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2526efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)WinVerifyTrust
2527efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2528efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2529efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2530efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2531efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2532efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2533efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2534efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2535efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2536efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2537efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2538efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2539efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2540efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2541efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2542efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2543efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2544efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2545efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2546efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9ed0:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2547efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2548efc.638: supR3HardenedDllNotificationCallback: load 000007fee4350000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
2549efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2550efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2551efc.638: supR3HardenedDllNotificationCallback: load 000007fef9fd0000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
2552efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2553efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2554efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5550:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2555efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4350000 'C:\Windows\System32\dsound.dll'
2556efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4350000 'C:\Windows\System32\dsound.dll'
2557efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca8 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2558efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2559efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2560efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2561efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
2562efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2563efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2564efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2565efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2566efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2567efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll)WinVerifyTrust
2568efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2569efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2570efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2571efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ccc pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
2572efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2573efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2574efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2575efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
2576efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2577efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2578efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2579efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2580efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2581efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2582efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll)WinVerifyTrust
2583efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2584efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2585efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2586efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2587efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2588efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2589efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2590efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2591efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2592efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2593efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2594efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2595efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2596efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2597efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2598efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2599efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2600efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9ed0:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2601efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2602efc.638: supR3HardenedDllNotificationCallback: load 000007fefb430000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
2603efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2604efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2605efc.638: supR3HardenedDllNotificationCallback: load 000007fefb6b0000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
2606efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2607efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe400000 'C:\Windows\system32\ADVAPI32.dll'
2608efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb430000 'C:\Windows\System32\MMDevApi.dll'
2609efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2610efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e55e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2611efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb40000 'C:\Windows\system32\ole32.dll'
2612efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2613efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e55e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2614efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe630000 'C:\Windows\system32\SETUPAPI.dll'
2615efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2616efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e55e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2617efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\SHLWAPI.dll'
2618efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2619efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e55e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2620efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb430000 'C:\Windows\system32\MMDEVAPI.DLL'
2621efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb40000 'C:\Windows\system32\ole32.dll'
2622efc.584: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2623efc.584: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2624efc.584: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'C:\Windows\system32\CFGMGR32.dll'
2625efc.354: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d20 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2626efc.354: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2627efc.354: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2628efc.354: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
2629efc.354: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
2630efc.354: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2631efc.354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2632efc.354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2633efc.354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2634efc.354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2635efc.354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2636efc.354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2637efc.354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2638efc.354: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll)WinVerifyTrust
2639efc.354: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2640efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2641efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2642efc.354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2643efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2644efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2645efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2646efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2647efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2648efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2649efc.354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2650efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2651efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2652efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2653efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2654efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2655efc.354: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2656efc.354: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031843a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2657efc.354: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2658efc.354: supR3HardenedDllNotificationCallback: load 000007fef9a50000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
2659efc.354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2660efc.354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a50000 'C:\Windows\system32\AUDIOSES.DLL'
2661efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2662efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2663efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2664efc.638: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000045e5670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2665efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2666efc.638: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000045e5670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2667efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2668efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd50000 'C:\Windows\system32\RPCRT4.dll'
2669efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2670efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2671efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb430000 'C:\Windows\system32\MMDevAPI.DLL'
2672efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d6c pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2673efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2674efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2675efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
2676efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2677efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2678efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2679efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2680efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2681efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2682efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2683efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
2684efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2685efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
2686efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv)WinVerifyTrust
2687efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2688efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2689efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2690efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d70 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
2691efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2692efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2693efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
2694efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
2695efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2696efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll)WinVerifyTrust
2697efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2698efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2699efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2700efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2701efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2702efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2703efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d84 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
2704efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2705efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2706efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
2707efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
2708efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2709efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2710efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll)WinVerifyTrust
2711efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2712efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2713efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2714efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2715efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2716efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2717efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2718efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2719efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2720efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2721efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2722efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2723efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2724efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2725efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2726efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2727efc.638: supR3HardenedDllNotificationCallback: load 000007fef9bd0000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
2728efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2729efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2730efc.638: supR3HardenedDllNotificationCallback: load 0000000074eb0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
2731efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2732efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2733efc.638: supR3HardenedDllNotificationCallback: load 000007fef9fc0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
2734efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2735efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\Windows\system32\wdmaud.drv'
2736efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2737efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2738efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\Windows\system32\wdmaud.drv'
2739efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2740efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2741efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\Windows\system32\wdmaud.drv'
2742efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2743efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2744efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\Windows\system32\wdmaud.drv'
2745efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2746efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2747efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\Windows\system32\wdmaud.drv'
2748efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2749efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2750efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\Windows\system32\wdmaud.drv'
2751efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2752efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2753efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\Windows\system32\wdmaud.drv'
2754efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\Windows\system32\wdmaud.drv'
2755efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d88 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
2756efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2757efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2758efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
2759efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
2760efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2761efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2762efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2763efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2764efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
2765efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
2766efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv)WinVerifyTrust
2767efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2768efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2769efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2770efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2771efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
2772efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
2773efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000da0 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
2774efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2775efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2776efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
2777efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
2778efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2779efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2780efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2781efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2782efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2783efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2784efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll)WinVerifyTrust
2785efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2786efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2787efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2788efc.638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2789efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2790efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2791efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2792efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2793efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2794efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2795efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2796efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2797efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2798efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2799efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2800efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2801efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2802efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2803efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2804efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2805efc.638: supR3HardenedDllNotificationCallback: load 000007fef9a40000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
2806efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2807efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2808efc.638: supR3HardenedDllNotificationCallback: load 000007fef9a20000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
2809efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2810efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2811efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2812efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2813efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2814efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2815efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2816efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2817efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2818efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2819efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2820efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2821efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2822efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2823efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2824efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2825efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2826efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2827efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2828efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2829efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2830efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2831efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a40000 'C:\Windows\system32\msacm32.drv'
2832efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d7c pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
2833efc.638: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2834efc.638: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2835efc.638: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
2836efc.638: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
2837efc.638: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2838efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2839efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2840efc.638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2841efc.638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll)WinVerifyTrust
2842efc.638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
2843efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2844efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2845efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2846efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2847efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2848efc.638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2849efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2850efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2851efc.638: supR3HardenedDllNotificationCallback: load 000007fef9a10000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
2852efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2853efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a10000 'C:\Windows\system32\midimap.dll'
2854efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2855efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2856efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a10000 'C:\Windows\system32\midimap.dll'
2857efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2858efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2859efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a10000 'C:\Windows\system32\midimap.dll'
2860efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2861efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2862efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a10000 'C:\Windows\system32\midimap.dll'
2863efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2864efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2865efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2866efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2867efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb40000 'C:\Windows\system32\ole32.dll'
2868efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2869efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2870efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2871efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2872efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2873efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c10000 'C:\Windows\system32\winmm.dll'
2874efc.1638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2875efc.1638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030ca450:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2876efc.1638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a50000 'C:\Windows\System32\audioses.dll'
2877efc.638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2878efc.638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045e5790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2879efc.638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2880efc.638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077240000 'C:\Windows\system32/kernel32.dll'
2881efc.838: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2882efc.838: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003183bc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2883efc.838: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9fc0000 'C:\Windows\system32\avrt.dll'
2884efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a40 pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll
2885efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2886efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2887efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2888efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000465bc60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2889efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3f0000 'C:\Windows\system32\WINTRUST.DLL'
2890efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2891efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000465bc60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2892efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd230000 'C:\Windows\system32\CRYPT32.dll'
2893efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77B48D4C63C7308FE42B2B7DF054999F6CE86C20
2894efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8520000 'C:\Windows\system32\cryptnet.dll'
2895efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll'
2896efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2897efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2898efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
2899efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2900efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2901efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll)WinVerifyTrust
2902efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll
2903efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2904efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2905efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2906efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2907efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2908efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2909efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2910efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2911efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2912efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000465bbd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2913efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
2914efc.14f4: supR3HardenedDllNotificationCallback: load 000007feed4d0000 LB 0x0009c000 C:\Windows\system32\mscms.dll [fFlags=0x0]
2915efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
2916efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed4d0000 'C:\Windows\system32\mscms.dll'
2917efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e50 pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll
2918efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2919efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2920efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A467A1C0C873D06FC9374DE3DAC05A8C3CE89002
2921efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll'
2922efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2923efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2924efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
2925efc.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2926efc.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll)WinVerifyTrust
2927efc.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll
2928efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2929efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2930efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
2931efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
2932efc.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
2933efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2934efc.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2935efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000465bbd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2936efc.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
2937efc.14f4: supR3HardenedDllNotificationCallback: load 000007feeb8c0000 LB 0x00042000 C:\Windows\system32\icm32.dll [fFlags=0x0]
2938efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
2939efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb8c0000 'C:\Windows\system32\icm32.dll'
2940efc.14f4: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
2941efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
2942efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2943efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000072b210
2944efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000072b210
2945efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2946efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2947efc.14f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2948efc.14f4: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2949efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000031f2950:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2950efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4320000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2951efc.e60: supR3HardenedDllNotificationCallback: Unload 000007feed3e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
2952efc.16f8: supR3HardenedDllNotificationCallback: Unload 000007feed3f0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
2953efc.1710: supR3HardenedDllNotificationCallback: Unload 000007feed400000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
2954efc.170c: supR3HardenedDllNotificationCallback: Unload 000007feed860000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
2955efc.1720: supR3HardenedDllNotificationCallback: Unload 000007feed870000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
2956efc.638: supR3HardenedDllNotificationCallback: Unload 000007fee4460000 LB 0x008d2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
2957efc.638: supR3HardenedDllNotificationCallback: Unload 000007fef9c80000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
2958efc.638: supR3HardenedDllNotificationCallback: Unload 000007fef9290000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [flags=0x0]
2959efc.638: supR3HardenedDllNotificationCallback: Unload 000007fee67c0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
2960efc.638: supR3HardenedDllNotificationCallback: Unload 000007fee6c00000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
2961efc.638: supR3HardenedDllNotificationCallback: Unload 000007fee6c70000 LB 0x00051000 C:\Windows\system32\newdev.dll [flags=0x0]
2962efc.14f4: supR3HardenedDllNotificationCallback: Unload 000007fef3cf0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
2963efc.14f4: supR3HardenedDllNotificationCallback: Unload 000007fef3cc0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
2964efc.14f4: supR3HardenedDllNotificationCallback: Unload 000007fef3b00000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
2965efc.14f4: supR3HardenedDllNotificationCallback: Unload 000007fef8620000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
2966efc.14f4: supR3HardenedDllNotificationCallback: Unload 000007fef8590000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
2967efc.14f4: supR3HardenedDllNotificationCallback: Unload 000007fee6060000 LB 0x004f9000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
2968efc.14f4: Terminating the normal way: rcExit=0
2969efc.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2970efc.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000005ed760:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2971efc.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3f0000 'C:\Windows\system32\WINTRUST.dll'
29721244.1084: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 31627669 ms, the end);
2973f20.13b0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 31628546 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy