VirtualBox

Ticket #14747: VBoxHardening.log

File VBoxHardening.log, 418.5 KB (added by noname1, 9 years ago)
Line 
1c18.c5c: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000024 g_uNtVerCombined=0x611db110
2c18.c5c: \SystemRoot\System32\ntdll.dll:
3c18.c5c: CreationTime: 2015-09-18T13:33:12.274905100Z
4c18.c5c: LastWriteTime: 2015-07-23T00:03:19.290418300Z
5c18.c5c: ChangeTime: 2015-09-18T14:46:28.404982800Z
6c18.c5c: FileAttributes: 0x20
7c18.c5c: Size: 0x1a67c0
8c18.c5c: NT Headers: 0xe0
9c18.c5c: Timestamp: 0x55b02e88
10c18.c5c: Machine: 0x8664 - amd64
11c18.c5c: Timestamp: 0x55b02e88
12c18.c5c: Image Version: 6.1
13c18.c5c: SizeOfImage: 0x1a9000 (1740800)
14c18.c5c: Resource Dir: 0x14d000 LB 0x5a028
15c18.c5c: ProductName: Microsoft® Windows® Operating System
16c18.c5c: ProductVersion: 6.1.7601.18939
17c18.c5c: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
18c18.c5c: FileDescription: NT Layer DLL
19c18.c5c: \SystemRoot\System32\kernel32.dll:
20c18.c5c: CreationTime: 2015-09-18T13:33:12.181364500Z
21c18.c5c: LastWriteTime: 2015-07-23T00:02:40.437000000Z
22c18.c5c: ChangeTime: 2015-09-18T14:46:28.592182800Z
23c18.c5c: FileAttributes: 0x20
24c18.c5c: Size: 0x11c000
25c18.c5c: NT Headers: 0xe8
26c18.c5c: Timestamp: 0x55b02e7a
27c18.c5c: Machine: 0x8664 - amd64
28c18.c5c: Timestamp: 0x55b02e7a
29c18.c5c: Image Version: 6.1
30c18.c5c: SizeOfImage: 0x11f000 (1175552)
31c18.c5c: Resource Dir: 0x116000 LB 0x528
32c18.c5c: ProductName: Microsoft® Windows® Operating System
33c18.c5c: ProductVersion: 6.1.7601.18939
34c18.c5c: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
35c18.c5c: FileDescription: Windows NT BASE API Client DLL
36c18.c5c: \SystemRoot\System32\KernelBase.dll:
37c18.c5c: CreationTime: 2015-09-18T13:33:13.257081400Z
38c18.c5c: LastWriteTime: 2015-07-23T00:02:40.437000000Z
39c18.c5c: ChangeTime: 2015-09-18T14:46:28.592182800Z
40c18.c5c: FileAttributes: 0x20
41c18.c5c: Size: 0x67a00
42c18.c5c: NT Headers: 0xe8
43c18.c5c: Timestamp: 0x55b02e7b
44c18.c5c: Machine: 0x8664 - amd64
45c18.c5c: Timestamp: 0x55b02e7b
46c18.c5c: Image Version: 6.1
47c18.c5c: SizeOfImage: 0x6c000 (442368)
48c18.c5c: Resource Dir: 0x6a000 LB 0x530
49c18.c5c: ProductName: Microsoft® Windows® Operating System
50c18.c5c: ProductVersion: 6.1.7601.18939
51c18.c5c: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
52c18.c5c: FileDescription: Windows NT BASE API Client DLL
53c18.c5c: \SystemRoot\System32\apisetschema.dll:
54c18.c5c: CreationTime: 2015-09-18T13:33:14.286028000Z
55c18.c5c: LastWriteTime: 2015-07-22T23:52:01.328000000Z
56c18.c5c: ChangeTime: 2015-09-18T14:46:28.389382800Z
57c18.c5c: FileAttributes: 0x20
58c18.c5c: Size: 0x1a00
59c18.c5c: NT Headers: 0xc0
60c18.c5c: Timestamp: 0x55b02ce6
61c18.c5c: Machine: 0x8664 - amd64
62c18.c5c: Timestamp: 0x55b02ce6
63c18.c5c: Image Version: 6.1
64c18.c5c: SizeOfImage: 0x50000 (327680)
65c18.c5c: Resource Dir: 0x30000 LB 0x3f8
66c18.c5c: ProductName: Microsoft® Windows® Operating System
67c18.c5c: ProductVersion: 6.1.7601.18939
68c18.c5c: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
69c18.c5c: FileDescription: ApiSet Schema DLL
70c18.c5c: Found driver SysPlant (0x1)
71c18.c5c: Found driver SymNetS (0x2)
72c18.c5c: Found driver SRTSPX (0x2)
73c18.c5c: Found driver SymEvent (0x2)
74c18.c5c: Found driver SymIRON (0x2)
75c18.c5c: supR3HardenedWinFindAdversaries: 0x3
76c18.c5c: \SystemRoot\System32\drivers\SysPlant.sys:
77c18.c5c: CreationTime: 2015-09-18T13:02:34.833228700Z
78c18.c5c: LastWriteTime: 2015-09-18T13:02:34.833228700Z
79c18.c5c: ChangeTime: 2015-09-18T13:02:34.833228700Z
80c18.c5c: FileAttributes: 0x2020
81c18.c5c: Size: 0x29170
82c18.c5c: NT Headers: 0xf0
83c18.c5c: Timestamp: 0x55ba08b1
84c18.c5c: Machine: 0x8664 - amd64
85c18.c5c: Timestamp: 0x55ba08b1
86c18.c5c: Image Version: 5.0
87c18.c5c: SizeOfImage: 0x2f000 (192512)
88c18.c5c: Resource Dir: 0x2d000 LB 0x498
89c18.c5c: ProductName: Symantec CMC Firewall
90c18.c5c: ProductVersion: 12.1.6318.6100
91c18.c5c: FileVersion: 12.1.6318.6100
92c18.c5c: FileDescription: Symantec CMC Firewall SysPlant
93c18.c5c: \SystemRoot\System32\sysfer.dll:
94c18.c5c: CreationTime: 2015-09-18T13:02:34.833228700Z
95c18.c5c: LastWriteTime: 2015-09-18T13:02:34.833228700Z
96c18.c5c: ChangeTime: 2015-09-18T13:02:34.833228700Z
97c18.c5c: FileAttributes: 0x2020
98c18.c5c: Size: 0x72038
99c18.c5c: NT Headers: 0xe8
100c18.c5c: Timestamp: 0x55ba08bc
101c18.c5c: Machine: 0x8664 - amd64
102c18.c5c: Timestamp: 0x55ba08bc
103c18.c5c: Image Version: 0.0
104c18.c5c: SizeOfImage: 0x89000 (561152)
105c18.c5c: Resource Dir: 0x87000 LB 0x630
106c18.c5c: ProductName: Symantec CMC Firewall
107c18.c5c: ProductVersion: 12.1.6318.6100
108c18.c5c: FileVersion: 12.1.6318.6100
109c18.c5c: FileDescription: Symantec CMC Firewall sysfer
110c18.c5c: \SystemRoot\System32\drivers\symevent64x86.sys:
111c18.c5c: CreationTime: 2015-09-18T13:03:54.486968600Z
112c18.c5c: LastWriteTime: 2015-09-18T13:03:54.471368600Z
113c18.c5c: ChangeTime: 2015-09-18T13:03:54.471368600Z
114c18.c5c: FileAttributes: 0x2020
115c18.c5c: Size: 0x2b8d8
116c18.c5c: NT Headers: 0xe8
117c18.c5c: Timestamp: 0x54b87d44
118c18.c5c: Machine: 0x8664 - amd64
119c18.c5c: Timestamp: 0x54b87d44
120c18.c5c: Image Version: 6.0
121c18.c5c: SizeOfImage: 0x38000 (229376)
122c18.c5c: Resource Dir: 0x36000 LB 0x3c8
123c18.c5c: ProductName: SYMEVENT
124c18.c5c: ProductVersion: 12.9.6.12
125c18.c5c: FileVersion: 12.9.6.12
126c18.c5c: FileDescription: Symantec Event Library
127c18.c5c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
128c18.c5c: Calling main()
129c18.c5c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
130c18.c5c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
131c18.c5c: SUPR3HardenedMain: Respawn #1
132c18.c5c: System32: \Device\HarddiskVolume2\Windows\System32
133c18.c5c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
134c18.c5c: KnownDllPath: C:\Windows\system32
135c18.c5c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
136c18.c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
137c18.c5c: supR3HardNtEnableThreadCreation:
138c18.c5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000776fb630 pvNtTerminateThread=000000007771dee0
139c18.c5c: supR3HardenedWinDoReSpawn(1): New child 1528.c88 [kernel32].
140c18.c5c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
141c18.c5c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000776d0000 uNtDllChildAddr=00000000776d0000
142c18.c5c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000776fb630
143c18.c5c: supR3HardenedWinSetupChildInit: Start child.
144c18.c5c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
145c18.c5c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
146c18.c5c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
147c18.c5c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
148c18.c5c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
149c18.c5c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
150c18.c5c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
151c18.c5c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
152c18.c5c: 0000000000041000-ffffffffffea1fff 0x0001/0x0000 0x0000000
153c18.c5c: *00000000001e0000-00000000000e3fff 0x0000/0x0004 0x0020000
154c18.c5c: 00000000002dc000-00000000002d8fff 0x0104/0x0004 0x0020000
155c18.c5c: 00000000002df000-00000000002ddfff 0x0004/0x0004 0x0020000
156c18.c5c: 00000000002e0000-ffffffff88eeffff 0x0001/0x0000 0x0000000
157c18.c5c: *00000000776d0000-00000000776d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
158c18.c5c: 00000000776d1000-00000000777cefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
159c18.c5c: 00000000777cf000-00000000777fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
160c18.c5c: 00000000777fe000-0000000077805fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
161c18.c5c: 0000000077806000-0000000077806fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
162c18.c5c: 0000000077807000-0000000077809fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
163c18.c5c: 000000007780a000-0000000077878fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
164c18.c5c: 0000000077879000-0000000070111fff 0x0001/0x0000 0x0000000
165c18.c5c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
166c18.c5c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
167c18.c5c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
168c18.c5c: 000000007fff0000-ffffffffc005ffff 0x0001/0x0000 0x0000000
169c18.c5c: *000000013ff80000-000000013ff80fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
170c18.c5c: 000000013ff81000-0000000140007fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
171c18.c5c: 0000000140008000-0000000140008fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
172c18.c5c: 0000000140009000-0000000140053fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
173c18.c5c: 0000000140054000-0000000140054fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
174c18.c5c: 0000000140055000-0000000140055fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
175c18.c5c: 0000000140056000-000000014005afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
176c18.c5c: 000000014005b000-000000014005bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
177c18.c5c: 000000014005c000-000000014005cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
178c18.c5c: 000000014005d000-0000000140060fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
179c18.c5c: 0000000140061000-00000001400abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
180c18.c5c: 00000001400ac000-00000001400a7fff 0x0001/0x0000 0x0000000
181c18.c5c: *00000001400b0000-00000001400aefff 0x0040/0x0040 0x0020000 !!
182c18.c5c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000001400b0000 (LB 0x1000, 00000001400b0000 LB 0x1000)
183c18.c5c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000001400b0000/00000001400b0000 LB 0/0x1000]
184c18.c5c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000001400b0000 LB 0x7fdbf940000 s=0x10000 ap=0x0 rp=0x00000000000001
185c18.c5c: 00000001400b1000-fffff80380771fff 0x0001/0x0000 0x0000000
186c18.c5c: *000007feff9f0000-000007feff9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
187c18.c5c: 000007feff9f1000-000007fdff431fff 0x0001/0x0000 0x0000000
188c18.c5c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
189c18.c5c: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
190c18.c5c: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
191c18.c5c: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
192c18.c5c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
193c18.c5c: apisetschema.dll: timestamp 0x55b02ce6 (rc=VINF_SUCCESS)
194c18.c5c: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS)
195c18.c5c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
196c18.c5c: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
197c18.c5c: 000000013ff8016a / 0x000016a: 00 != 13
198c18.c5c: 000000013ff8016c / 0x000016c: 00 != 14
199c18.c5c: Restored 0x400 bytes of original file content at 000000013ff80000
200c18.c5c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
201c18.c5c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
202c18.c5c: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3 cPatchCount=0
203c18.c5c: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
204c18.c5c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
205c18.c5c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
206c18.c5c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
207c18.c5c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
208c18.c5c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
209c18.c5c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
210c18.c5c: 0000000000041000-ffffffffffea1fff 0x0001/0x0000 0x0000000
211c18.c5c: *00000000001e0000-00000000000e3fff 0x0000/0x0004 0x0020000
212c18.c5c: 00000000002dc000-00000000002d8fff 0x0104/0x0004 0x0020000
213c18.c5c: 00000000002df000-00000000002ddfff 0x0004/0x0004 0x0020000
214c18.c5c: 00000000002e0000-ffffffff88eeffff 0x0001/0x0000 0x0000000
215c18.c5c: *00000000776d0000-00000000776d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
216c18.c5c: 00000000776d1000-00000000777cefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
217c18.c5c: 00000000777cf000-00000000777fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
218c18.c5c: 00000000777fe000-0000000077805fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
219c18.c5c: 0000000077806000-0000000077806fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
220c18.c5c: 0000000077807000-0000000077807fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c18.c5c: 0000000077808000-0000000077809fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
222c18.c5c: 000000007780a000-0000000077878fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
223c18.c5c: 0000000077879000-0000000070111fff 0x0001/0x0000 0x0000000
224c18.c5c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
225c18.c5c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
226c18.c5c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
227c18.c5c: 000000007fff0000-ffffffffc005ffff 0x0001/0x0000 0x0000000
228c18.c5c: *000000013ff80000-000000013ff80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
229c18.c5c: 000000013ff81000-0000000140007fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
230c18.c5c: 0000000140008000-0000000140008fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
231c18.c5c: 0000000140009000-0000000140053fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
232c18.c5c: 0000000140054000-0000000140060fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
233c18.c5c: 0000000140061000-00000001400abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
234c18.c5c: 00000001400ac000-fffff80380767fff 0x0001/0x0000 0x0000000
235c18.c5c: *000007feff9f0000-000007feff9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
236c18.c5c: 000007feff9f1000-000007fdff431fff 0x0001/0x0000 0x0000000
237c18.c5c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
238c18.c5c: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
239c18.c5c: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
240c18.c5c: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
241c18.c5c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
242c18.c5c: supR3HardNtChildPurify: Done after 1134 ms and 2 fixes (loop #1).
243c18.c5c: supR3HardNtEnableThreadCreation:
2441528.c88: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
2451528.c88: supR3HardenedVmProcessInit: uNtDllAddr=00000000776d0000
2461528.c88: ntdll.dll: timestamp 0x55b02e88 (rc=VINF_SUCCESS)
2471528.c88: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1740800 allocation)
2481528.c88: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2491528.c88: System32: \Device\HarddiskVolume2\Windows\System32
2501528.c88: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2511528.c88: KnownDllPath: C:\Windows\system32
2521528.c88: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2531528.c88: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2541528.c88: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2551528.c88: Registered Dll notification callback with NTDLL.
2561528.c88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2571528.c88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2581528.c88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2591528.c88: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2601528.c88: supR3HardenedDllNotificationCallback: load 00000000774b0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2611528.c88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2621528.c88: supR3HardenedDllNotificationCallback: load 000007fefd4c0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2631528.c88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2641528.c88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2651528.c88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\Windows\system32\kernel32.dll'
2661528.c88: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000776fb630 pvNtTerminateThread=000000007771dee0
2671528.c88: \SystemRoot\System32\ntdll.dll:
2681528.c88: CreationTime: 2015-09-18T13:33:12.274905100Z
2691528.c88: LastWriteTime: 2015-07-23T00:03:19.290418300Z
2701528.c88: ChangeTime: 2015-09-18T14:46:28.404982800Z
2711528.c88: FileAttributes: 0x20
2721528.c88: Size: 0x1a67c0
2731528.c88: NT Headers: 0xe0
2741528.c88: Timestamp: 0x55b02e88
2751528.c88: Machine: 0x8664 - amd64
2761528.c88: Timestamp: 0x55b02e88
2771528.c88: Image Version: 6.1
2781528.c88: SizeOfImage: 0x1a9000 (1740800)
2791528.c88: Resource Dir: 0x14d000 LB 0x5a028
2801528.c88: ProductName: Microsoft® Windows® Operating System
2811528.c88: ProductVersion: 6.1.7601.18939
2821528.c88: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
2831528.c88: FileDescription: NT Layer DLL
2841528.c88: \SystemRoot\System32\kernel32.dll:
2851528.c88: CreationTime: 2015-09-18T13:33:12.181364500Z
2861528.c88: LastWriteTime: 2015-07-23T00:02:40.437000000Z
2871528.c88: ChangeTime: 2015-09-18T14:46:28.592182800Z
2881528.c88: FileAttributes: 0x20
2891528.c88: Size: 0x11c000
2901528.c88: NT Headers: 0xe8
2911528.c88: Timestamp: 0x55b02e7a
2921528.c88: Machine: 0x8664 - amd64
2931528.c88: Timestamp: 0x55b02e7a
2941528.c88: Image Version: 6.1
2951528.c88: SizeOfImage: 0x11f000 (1175552)
2961528.c88: Resource Dir: 0x116000 LB 0x528
2971528.c88: ProductName: Microsoft® Windows® Operating System
2981528.c88: ProductVersion: 6.1.7601.18939
2991528.c88: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
3001528.c88: FileDescription: Windows NT BASE API Client DLL
3011528.c88: \SystemRoot\System32\KernelBase.dll:
3021528.c88: CreationTime: 2015-09-18T13:33:13.257081400Z
3031528.c88: LastWriteTime: 2015-07-23T00:02:40.437000000Z
3041528.c88: ChangeTime: 2015-09-18T14:46:28.592182800Z
3051528.c88: FileAttributes: 0x20
3061528.c88: Size: 0x67a00
3071528.c88: NT Headers: 0xe8
3081528.c88: Timestamp: 0x55b02e7b
3091528.c88: Machine: 0x8664 - amd64
3101528.c88: Timestamp: 0x55b02e7b
3111528.c88: Image Version: 6.1
3121528.c88: SizeOfImage: 0x6c000 (442368)
3131528.c88: Resource Dir: 0x6a000 LB 0x530
3141528.c88: ProductName: Microsoft® Windows® Operating System
3151528.c88: ProductVersion: 6.1.7601.18939
3161528.c88: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
3171528.c88: FileDescription: Windows NT BASE API Client DLL
3181528.c88: \SystemRoot\System32\apisetschema.dll:
3191528.c88: CreationTime: 2015-09-18T13:33:14.286028000Z
3201528.c88: LastWriteTime: 2015-07-22T23:52:01.328000000Z
3211528.c88: ChangeTime: 2015-09-18T14:46:28.389382800Z
3221528.c88: FileAttributes: 0x20
3231528.c88: Size: 0x1a00
3241528.c88: NT Headers: 0xc0
3251528.c88: Timestamp: 0x55b02ce6
3261528.c88: Machine: 0x8664 - amd64
3271528.c88: Timestamp: 0x55b02ce6
3281528.c88: Image Version: 6.1
3291528.c88: SizeOfImage: 0x50000 (327680)
3301528.c88: Resource Dir: 0x30000 LB 0x3f8
3311528.c88: ProductName: Microsoft® Windows® Operating System
3321528.c88: ProductVersion: 6.1.7601.18939
3331528.c88: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
3341528.c88: FileDescription: ApiSet Schema DLL
3351528.c88: Found driver SysPlant (0x1)
3361528.c88: Found driver SymNetS (0x2)
3371528.c88: Found driver SRTSPX (0x2)
3381528.c88: Found driver SymEvent (0x2)
3391528.c88: Found driver SymIRON (0x2)
340c18.c5c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 29 ms.
3411528.c88: supR3HardenedWinFindAdversaries: 0x3
3421528.c88: \SystemRoot\System32\drivers\SysPlant.sys:
3431528.c88: CreationTime: 2015-09-18T13:02:34.833228700Z
3441528.c88: LastWriteTime: 2015-09-18T13:02:34.833228700Z
3451528.c88: ChangeTime: 2015-09-18T13:02:34.833228700Z
3461528.c88: FileAttributes: 0x2020
3471528.c88: Size: 0x29170
3481528.c88: NT Headers: 0xf0
3491528.c88: Timestamp: 0x55ba08b1
3501528.c88: Machine: 0x8664 - amd64
3511528.c88: Timestamp: 0x55ba08b1
3521528.c88: Image Version: 5.0
3531528.c88: SizeOfImage: 0x2f000 (192512)
3541528.c88: Resource Dir: 0x2d000 LB 0x498
3551528.c88: ProductName: Symantec CMC Firewall
3561528.c88: ProductVersion: 12.1.6318.6100
3571528.c88: FileVersion: 12.1.6318.6100
3581528.c88: FileDescription: Symantec CMC Firewall SysPlant
3591528.c88: \SystemRoot\System32\sysfer.dll:
3601528.c88: CreationTime: 2015-09-18T13:02:34.833228700Z
3611528.c88: LastWriteTime: 2015-09-18T13:02:34.833228700Z
3621528.c88: ChangeTime: 2015-09-18T13:02:34.833228700Z
3631528.c88: FileAttributes: 0x2020
3641528.c88: Size: 0x72038
3651528.c88: NT Headers: 0xe8
3661528.c88: Timestamp: 0x55ba08bc
3671528.c88: Machine: 0x8664 - amd64
3681528.c88: Timestamp: 0x55ba08bc
3691528.c88: Image Version: 0.0
3701528.c88: SizeOfImage: 0x89000 (561152)
3711528.c88: Resource Dir: 0x87000 LB 0x630
3721528.c88: ProductName: Symantec CMC Firewall
3731528.c88: ProductVersion: 12.1.6318.6100
3741528.c88: FileVersion: 12.1.6318.6100
3751528.c88: FileDescription: Symantec CMC Firewall sysfer
3761528.c88: \SystemRoot\System32\drivers\symevent64x86.sys:
3771528.c88: CreationTime: 2015-09-18T13:03:54.486968600Z
3781528.c88: LastWriteTime: 2015-09-18T13:03:54.471368600Z
3791528.c88: ChangeTime: 2015-09-18T13:03:54.471368600Z
3801528.c88: FileAttributes: 0x2020
3811528.c88: Size: 0x2b8d8
3821528.c88: NT Headers: 0xe8
3831528.c88: Timestamp: 0x54b87d44
3841528.c88: Machine: 0x8664 - amd64
3851528.c88: Timestamp: 0x54b87d44
3861528.c88: Image Version: 6.0
3871528.c88: SizeOfImage: 0x38000 (229376)
3881528.c88: Resource Dir: 0x36000 LB 0x3c8
3891528.c88: ProductName: SYMEVENT
3901528.c88: ProductVersion: 12.9.6.12
3911528.c88: FileVersion: 12.9.6.12
3921528.c88: FileDescription: Symantec Event Library
3931528.c88: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3941528.c88: Calling main()
3951528.c88: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3961528.c88: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3971528.c88: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3981528.c88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3991528.c88: SUPR3HardenedMain: Respawn #2
4001528.c88: supR3HardNtEnableThreadCreation:
4011528.c88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4021528.c88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
4031528.c88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
4041528.c88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
4051528.c88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4061528.c88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4071528.c88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4081528.c88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4091528.c88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4101528.c88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4111528.c88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4121528.c88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4131528.c88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
4141528.c88: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4151528.c88: supR3HardenedDllNotificationCallback: load 000007fefe8d0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.DLL [fFlags=0x0]
4161528.c88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4171528.c88: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
4181528.c88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4191528.c88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
4201528.c88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
4211528.c88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
4221528.c88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
4231528.c88: supR3HardenedDllNotificationCallback: load 000007fefd8e0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
4241528.c88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
4251528.c88: supR3HardenedDllNotificationCallback: load 000007feff0b0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
4261528.c88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4271528.c88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\ADVAPI32.DLL'
4281528.c88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
4291528.c88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
4301528.c88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4311528.c88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4321528.c88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4331528.c88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4341528.c88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4351528.c88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4361528.c88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4371528.c88: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4381528.c88: supR3HardenedDllNotificationCallback: load 000007fefd2c0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
4391528.c88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4401528.c88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2c0000 'C:\Windows\system32\apphelp.dll'
4411528.c88: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000776fb630 pvNtTerminateThread=000000007771dee0
4421528.c88: supR3HardenedWinDoReSpawn(2): New child b98.101c [kernel32].
4431528.c88: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
4441528.c88: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000776d0000 uNtDllChildAddr=00000000776d0000
4451528.c88: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000776fb630
4461528.c88: supR3HardenedWinSetupChildInit: Start child.
4471528.c88: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
4481528.c88: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
4491528.c88: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4501528.c88: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
4511528.c88: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
4521528.c88: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
4531528.c88: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
4541528.c88: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
4551528.c88: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
4561528.c88: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
4571528.c88: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
4581528.c88: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
4591528.c88: 0000000000150000-ffffffff88bcffff 0x0001/0x0000 0x0000000
4601528.c88: *00000000776d0000-00000000776d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4611528.c88: 00000000776d1000-00000000777cefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4621528.c88: 00000000777cf000-00000000777fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4631528.c88: 00000000777fe000-0000000077805fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4641528.c88: 0000000077806000-0000000077806fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4651528.c88: 0000000077807000-0000000077809fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4661528.c88: 000000007780a000-0000000077878fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4671528.c88: 0000000077879000-0000000070111fff 0x0001/0x0000 0x0000000
4681528.c88: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4691528.c88: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4701528.c88: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4711528.c88: 000000007fff0000-ffffffffc005ffff 0x0001/0x0000 0x0000000
4721528.c88: *000000013ff80000-000000013ff80fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4731528.c88: 000000013ff81000-0000000140007fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4741528.c88: 0000000140008000-0000000140008fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4751528.c88: 0000000140009000-0000000140053fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4761528.c88: 0000000140054000-0000000140054fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4771528.c88: 0000000140055000-0000000140055fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4781528.c88: 0000000140056000-000000014005afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4791528.c88: 000000014005b000-000000014005bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4801528.c88: 000000014005c000-000000014005cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4811528.c88: 000000014005d000-0000000140060fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4821528.c88: 0000000140061000-00000001400abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4831528.c88: 00000001400ac000-00000001400a7fff 0x0001/0x0000 0x0000000
4841528.c88: *00000001400b0000-00000001400aefff 0x0040/0x0040 0x0020000 !!
4851528.c88: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000001400b0000 (LB 0x1000, 00000001400b0000 LB 0x1000)
4861528.c88: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000001400b0000/00000001400b0000 LB 0/0x1000]
4871528.c88: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000001400b0000 LB 0x7fdbf940000 s=0x10000 ap=0x0 rp=0x00000000000001
4881528.c88: 00000001400b1000-fffff80380771fff 0x0001/0x0000 0x0000000
4891528.c88: *000007feff9f0000-000007feff9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
4901528.c88: 000007feff9f1000-000007fdff431fff 0x0001/0x0000 0x0000000
4911528.c88: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
4921528.c88: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
4931528.c88: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
4941528.c88: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
4951528.c88: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
4961528.c88: apisetschema.dll: timestamp 0x55b02ce6 (rc=VINF_SUCCESS)
4971528.c88: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS)
4981528.c88: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4991528.c88: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
5001528.c88: 000000013ff8016a / 0x000016a: 00 != 13
5011528.c88: 000000013ff8016c / 0x000016c: 00 != 14
5021528.c88: Restored 0x400 bytes of original file content at 000000013ff80000
5031528.c88: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
5041528.c88: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
5051528.c88: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3 cPatchCount=0
5061528.c88: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
5071528.c88: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5081528.c88: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
5091528.c88: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
5101528.c88: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
5111528.c88: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
5121528.c88: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
5131528.c88: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
5141528.c88: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
5151528.c88: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
5161528.c88: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
5171528.c88: 0000000000150000-ffffffff88bcffff 0x0001/0x0000 0x0000000
5181528.c88: *00000000776d0000-00000000776d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5191528.c88: 00000000776d1000-00000000777cefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5201528.c88: 00000000777cf000-00000000777fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5211528.c88: 00000000777fe000-0000000077805fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5221528.c88: 0000000077806000-0000000077806fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5231528.c88: 0000000077807000-0000000077807fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5241528.c88: 0000000077808000-0000000077809fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5251528.c88: 000000007780a000-0000000077878fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5261528.c88: 0000000077879000-0000000070111fff 0x0001/0x0000 0x0000000
5271528.c88: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
5281528.c88: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5291528.c88: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5301528.c88: 000000007fff0000-ffffffffc005ffff 0x0001/0x0000 0x0000000
5311528.c88: *000000013ff80000-000000013ff80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5321528.c88: 000000013ff81000-0000000140007fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5331528.c88: 0000000140008000-0000000140008fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5341528.c88: 0000000140009000-0000000140053fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5351528.c88: 0000000140054000-0000000140060fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5361528.c88: 0000000140061000-00000001400abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5371528.c88: 00000001400ac000-fffff80380767fff 0x0001/0x0000 0x0000000
5381528.c88: *000007feff9f0000-000007feff9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
5391528.c88: 000007feff9f1000-000007fdff431fff 0x0001/0x0000 0x0000000
5401528.c88: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
5411528.c88: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
5421528.c88: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
5431528.c88: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
5441528.c88: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
5451528.c88: supR3HardNtChildPurify: Done after 1109 ms and 2 fixes (loop #1).
5461528.c88: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002e0000 LB 0x400000)
5471528.c88: supR3HardNtEnableThreadCreation:
548b98.101c: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
549b98.101c: supR3HardenedVmProcessInit: uNtDllAddr=00000000776d0000
550b98.101c: ntdll.dll: timestamp 0x55b02e88 (rc=VINF_SUCCESS)
551b98.101c: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
552b98.101c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
553b98.101c: System32: \Device\HarddiskVolume2\Windows\System32
554b98.101c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
555b98.101c: KnownDllPath: C:\Windows\system32
556b98.101c: supR3HardenedVmProcessInit: Opening vboxdrv...
557b98.101c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
558b98.101c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
559b98.101c: Registered Dll notification callback with NTDLL.
560b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
561b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
562b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
563b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
564b98.101c: supR3HardenedDllNotificationCallback: load 00000000774b0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
565b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
566b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd4c0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
567b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
568b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
569b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\Windows\system32\kernel32.dll'
570b98.101c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000776fb630 pvNtTerminateThread=000000007771dee0
5711528.c88: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 33 ms.
572b98.101c: \SystemRoot\System32\ntdll.dll:
573b98.101c: CreationTime: 2015-09-18T13:33:12.274905100Z
574b98.101c: LastWriteTime: 2015-07-23T00:03:19.290418300Z
575b98.101c: ChangeTime: 2015-09-18T14:46:28.404982800Z
576b98.101c: FileAttributes: 0x20
577b98.101c: Size: 0x1a67c0
578b98.101c: NT Headers: 0xe0
579b98.101c: Timestamp: 0x55b02e88
580b98.101c: Machine: 0x8664 - amd64
581b98.101c: Timestamp: 0x55b02e88
582b98.101c: Image Version: 6.1
583b98.101c: SizeOfImage: 0x1a9000 (1740800)
584b98.101c: Resource Dir: 0x14d000 LB 0x5a028
585b98.101c: ProductName: Microsoft® Windows® Operating System
586b98.101c: ProductVersion: 6.1.7601.18939
587b98.101c: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
588b98.101c: FileDescription: NT Layer DLL
589b98.101c: \SystemRoot\System32\kernel32.dll:
590b98.101c: CreationTime: 2015-09-18T13:33:12.181364500Z
591b98.101c: LastWriteTime: 2015-07-23T00:02:40.437000000Z
592b98.101c: ChangeTime: 2015-09-18T14:46:28.592182800Z
593b98.101c: FileAttributes: 0x20
594b98.101c: Size: 0x11c000
595b98.101c: NT Headers: 0xe8
596b98.101c: Timestamp: 0x55b02e7a
597b98.101c: Machine: 0x8664 - amd64
598b98.101c: Timestamp: 0x55b02e7a
599b98.101c: Image Version: 6.1
600b98.101c: SizeOfImage: 0x11f000 (1175552)
601b98.101c: Resource Dir: 0x116000 LB 0x528
602b98.101c: ProductName: Microsoft® Windows® Operating System
603b98.101c: ProductVersion: 6.1.7601.18939
604b98.101c: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
605b98.101c: FileDescription: Windows NT BASE API Client DLL
606b98.101c: \SystemRoot\System32\KernelBase.dll:
607b98.101c: CreationTime: 2015-09-18T13:33:13.257081400Z
608b98.101c: LastWriteTime: 2015-07-23T00:02:40.437000000Z
609b98.101c: ChangeTime: 2015-09-18T14:46:28.592182800Z
610b98.101c: FileAttributes: 0x20
611b98.101c: Size: 0x67a00
612b98.101c: NT Headers: 0xe8
613b98.101c: Timestamp: 0x55b02e7b
614b98.101c: Machine: 0x8664 - amd64
615b98.101c: Timestamp: 0x55b02e7b
616b98.101c: Image Version: 6.1
617b98.101c: SizeOfImage: 0x6c000 (442368)
618b98.101c: Resource Dir: 0x6a000 LB 0x530
619b98.101c: ProductName: Microsoft® Windows® Operating System
620b98.101c: ProductVersion: 6.1.7601.18939
621b98.101c: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
622b98.101c: FileDescription: Windows NT BASE API Client DLL
623b98.101c: \SystemRoot\System32\apisetschema.dll:
624b98.101c: CreationTime: 2015-09-18T13:33:14.286028000Z
625b98.101c: LastWriteTime: 2015-07-22T23:52:01.328000000Z
626b98.101c: ChangeTime: 2015-09-18T14:46:28.389382800Z
627b98.101c: FileAttributes: 0x20
628b98.101c: Size: 0x1a00
629b98.101c: NT Headers: 0xc0
630b98.101c: Timestamp: 0x55b02ce6
631b98.101c: Machine: 0x8664 - amd64
632b98.101c: Timestamp: 0x55b02ce6
633b98.101c: Image Version: 6.1
634b98.101c: SizeOfImage: 0x50000 (327680)
635b98.101c: Resource Dir: 0x30000 LB 0x3f8
636b98.101c: ProductName: Microsoft® Windows® Operating System
637b98.101c: ProductVersion: 6.1.7601.18939
638b98.101c: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
639b98.101c: FileDescription: ApiSet Schema DLL
640b98.101c: Found driver SysPlant (0x1)
641b98.101c: Found driver SymNetS (0x2)
642b98.101c: Found driver SRTSPX (0x2)
643b98.101c: Found driver SymEvent (0x2)
644b98.101c: Found driver SymIRON (0x2)
645b98.101c: supR3HardenedWinFindAdversaries: 0x3
646b98.101c: \SystemRoot\System32\drivers\SysPlant.sys:
647b98.101c: CreationTime: 2015-09-18T13:02:34.833228700Z
648b98.101c: LastWriteTime: 2015-09-18T13:02:34.833228700Z
649b98.101c: ChangeTime: 2015-09-18T13:02:34.833228700Z
650b98.101c: FileAttributes: 0x2020
651b98.101c: Size: 0x29170
652b98.101c: NT Headers: 0xf0
653b98.101c: Timestamp: 0x55ba08b1
654b98.101c: Machine: 0x8664 - amd64
655b98.101c: Timestamp: 0x55ba08b1
656b98.101c: Image Version: 5.0
657b98.101c: SizeOfImage: 0x2f000 (192512)
658b98.101c: Resource Dir: 0x2d000 LB 0x498
659b98.101c: ProductName: Symantec CMC Firewall
660b98.101c: ProductVersion: 12.1.6318.6100
661b98.101c: FileVersion: 12.1.6318.6100
662b98.101c: FileDescription: Symantec CMC Firewall SysPlant
663b98.101c: \SystemRoot\System32\sysfer.dll:
664b98.101c: CreationTime: 2015-09-18T13:02:34.833228700Z
665b98.101c: LastWriteTime: 2015-09-18T13:02:34.833228700Z
666b98.101c: ChangeTime: 2015-09-18T13:02:34.833228700Z
667b98.101c: FileAttributes: 0x2020
668b98.101c: Size: 0x72038
669b98.101c: NT Headers: 0xe8
670b98.101c: Timestamp: 0x55ba08bc
671b98.101c: Machine: 0x8664 - amd64
672b98.101c: Timestamp: 0x55ba08bc
673b98.101c: Image Version: 0.0
674b98.101c: SizeOfImage: 0x89000 (561152)
675b98.101c: Resource Dir: 0x87000 LB 0x630
676b98.101c: ProductName: Symantec CMC Firewall
677b98.101c: ProductVersion: 12.1.6318.6100
678b98.101c: FileVersion: 12.1.6318.6100
679b98.101c: FileDescription: Symantec CMC Firewall sysfer
680b98.101c: \SystemRoot\System32\drivers\symevent64x86.sys:
681b98.101c: CreationTime: 2015-09-18T13:03:54.486968600Z
682b98.101c: LastWriteTime: 2015-09-18T13:03:54.471368600Z
683b98.101c: ChangeTime: 2015-09-18T13:03:54.471368600Z
684b98.101c: FileAttributes: 0x2020
685b98.101c: Size: 0x2b8d8
686b98.101c: NT Headers: 0xe8
687b98.101c: Timestamp: 0x54b87d44
688b98.101c: Machine: 0x8664 - amd64
689b98.101c: Timestamp: 0x54b87d44
690b98.101c: Image Version: 6.0
691b98.101c: SizeOfImage: 0x38000 (229376)
692b98.101c: Resource Dir: 0x36000 LB 0x3c8
693b98.101c: ProductName: SYMEVENT
694b98.101c: ProductVersion: 12.9.6.12
695b98.101c: FileVersion: 12.9.6.12
696b98.101c: FileDescription: Symantec Event Library
697b98.101c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
698b98.101c: Calling main()
699b98.101c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
700b98.101c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
701b98.101c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
702b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
703b98.101c: SUPR3HardenedMain: Final process, opening VBoxDrv...
704b98.101c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
705b98.101c: supR3HardNtEnableThreadCreation:
706b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
707b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
708b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000723f40:C:\Windows\system32 [calling]
709b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
710b98.101c: supR3HardenedDllNotificationCallback: load 000007fefadd0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
711b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
712b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
713b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
714b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
715b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
716b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
717b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
718b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
719b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
720b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
721b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
722b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
723b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
724b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
725b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
726b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
727b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
728b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
729b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
730b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
731b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
732b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
733b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
734b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
735b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
736b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
737b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
738b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
739b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
740b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
741b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
742b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
743b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
744b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
745b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
746b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
747b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
748b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
749b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000723f40:C:\Windows\system32 [calling]
750b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
751b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd5e0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
752b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
753b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
754b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
755b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
756b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
757b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
758b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
759b98.101c: supR3HardenedDllNotificationCallback: load 000007feff0b0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
760b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
761b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\Windows\system32\Wintrust.dll'
762b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
763b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
764b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000769240:C:\Windows\system32 [calling]
765b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
766b98.101c: supR3HardenedDllNotificationCallback: load 000007fefce10000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
767b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
768b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\bcrypt.dll'
769b98.101c: bcrypt.dll loaded at 000007fefce10000, BCryptOpenAlgorithmProvider at 000007fefce12640, preloading providers:
770b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
771b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
772b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
773b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
774b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
775b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
776b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
777b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
778b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
779b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
780b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
781b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
782b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
783b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
784b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
785b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
786b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
787b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
788b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
789b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
790b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
791b98.101c: supR3HardenedDllNotificationCallback: load 000007fefc8c0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
792b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
793b98.101c: supR3HardenedDllNotificationCallback: load 000007fefe8d0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
794b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
795b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
796b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
797b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
798b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
799b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd8e0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
800b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
801b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8c0000 'C:\Windows\system32\bcryptprimitives.dll'
802b98.101c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000076a920)
803b98.101c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000076d7e0)
804b98.101c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000076d900)
805b98.101c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000076db10)
806b98.101c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000076dc30)
807b98.101c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000076dd50)
808b98.101c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000076df90)
809b98.101c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000076e0b0)
810b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
811b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
812b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
813b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
814b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
815b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
816b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
817b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
818b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
819b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
820b98.101c: supR3HardenedDllNotificationCallback: load 000007fefcc80000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
821b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
822b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\Windows\system32\CRYPTSP.dll'
823b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
824b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
825b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
826b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
827b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
828b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
829b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
830b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
831b98.101c: supR3HardenedDllNotificationCallback: load 000007fefc980000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
832b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
833b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc980000 'C:\Windows\system32\rsaenh.dll'
834b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
835b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
836b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\ADVAPI32.dll'
837b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
838b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
839b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
840b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
841b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd320000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
842b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
843b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\CRYPTBASE.dll'
844b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
845b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
846b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\Windows\system32\kernel32.dll'
847b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
848b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
849b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\Windows\system32\WINTRUST.DLL'
850b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
851b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
852b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\CRYPT32.dll'
853b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
854b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
855b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
856b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
857b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
858b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
859b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
860b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
861b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
862b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
863b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
864b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
865b98.101c: supR3HardenedDllNotificationCallback: load 000007feff9b0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
866b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
867b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9b0000 'C:\Windows\system32\imagehlp.dll'
868b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
869b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
870b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\Windows\system32\CRYPTSP.dll'
871b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
872b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
873b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
874b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
875b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
876b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
877b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
878b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
879b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
880b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
881b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
882b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
883b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
884b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
885b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
886b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
887b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
888b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
889b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
890b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
891b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
892b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
893b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
894b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
895b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
896b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
897b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
898b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
899b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
900b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
901b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
902b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
903b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
904b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
905b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
906b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
907b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
908b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
909b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
910b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
911b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
912b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
913b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
914b98.101c: supR3HardenedDllNotificationCallback: load 00000000775d0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
915b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
916b98.101c: supR3HardenedDllNotificationCallback: load 000007fefed10000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
917b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
918b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
919b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
920b98.101c: supR3HardenedDllNotificationCallback: load 000007fefefe0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
921b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
922b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
923b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
924b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\gdi32.dll'
925b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
926b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
927b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
928b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
929b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
930b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
931b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
932b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
933b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
934b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
935b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
936b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
937b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
938b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
939b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
940b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
941b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
942b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
943b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
944b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
945b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
946b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
947b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
948b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
949b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
950b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
951b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
952b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
953b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
954b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
955b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
956b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
957b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
958b98.101c: supR3HardenedDllNotificationCallback: load 000007feff4f0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
959b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
960b98.101c: supR3HardenedDllNotificationCallback: load 000007feff8a0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
961b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
962b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\IMM32.DLL'
963b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\USER32.dll'
964b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
965b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
966b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
967b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
968b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
969b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
970b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
971b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
972b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
973b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
974b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
975b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
976b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
977b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
978b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
979b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
980b98.101c: supR3HardenedDllNotificationCallback: load 000007fefce40000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
981b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
982b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce40000 'C:\Windows\system32\ncrypt.dll'
983b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
984b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
985b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\bcrypt.dll'
986b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
987b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
988b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
989b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
990b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
991b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
992b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
993b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
994b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
995b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
996b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
997b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
998b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
999b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1000b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1001b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1002b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1003b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1004b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1005b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1006b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1007b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd690000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1008b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1009b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd490000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1010b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1011b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd690000 'C:\Windows\system32\USERENV.dll'
1012b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1013b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1014b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1015b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1016b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1017b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1018b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1019b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1020b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1021b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1022b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1023b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1024b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1025b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1026b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1027b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1028b98.101c: supR3HardenedDllNotificationCallback: load 000007fefc730000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1029b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1030b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc730000 'C:\Windows\system32\GPAPI.dll'
1031b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1032b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1033b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1034b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1035b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'C:\Windows\system32\rpcrt4.dll'
1036b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1037b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1038b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1039b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1040b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1041b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1042b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1043b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1044b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1045b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1046b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1047b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1048b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1049b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1050b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1051b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1052b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1053b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1054b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1055b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1056b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1057b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1058b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1059b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1060b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1061b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1062b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1063b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1064b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1065b98.101c: supR3HardenedDllNotificationCallback: load 000007fef9910000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1066b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1067b98.101c: supR3HardenedDllNotificationCallback: load 000007feff840000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1068b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1069b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1070b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1071b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1072b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1073b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1074b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1075b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1076b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1077b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1078b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1079b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1080b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1081b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1082b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1083b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1084b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1085b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1086b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1087b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1088b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1089b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1090b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1091b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1092b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1093b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1094b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1095b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1096b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1097b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1098b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1099b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
1100b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1101b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1102b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1103b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1104b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\profapi.dll'
1105b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1106b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1107b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1108b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1109b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1110b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1111b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1112b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1113b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1114b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1115b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1116b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1117b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1118b98.101c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1119b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1120b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1121b98.101c: supR3HardenedDllNotificationCallback: load 000007feff470000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1122b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1123b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'C:\Windows\system32\SHLWAPI.dll'
1124b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1125b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000076a840
1126b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1127b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=963CD0837BEBAD6FB58BA310A799A0CC09B37724
1128b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1129b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1130b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1131b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1132b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1133b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1134b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1135b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1136b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\ADVAPI32.dll'
1137b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1138b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1139b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1140b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1141b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3080149~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
1142b98.101c: g_pfnWinVerifyTrust=000007fefd5e1010
1143b98.101c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1144b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1145b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1146b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1147b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
1148b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1149b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1150b98.101c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1151b98.101c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1152b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1153b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1154b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1155b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
1156b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1157b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1158b98.101c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1159b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1160b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1161b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1162b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1163b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1164b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1165b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1166b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1167b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1168b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1169b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1170b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1171b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1172b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1173b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1174b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1175b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1176b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
1177b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1178b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1179b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1180b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1181b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1182b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1183b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1184b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1185b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1186b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1187b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1188b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1189b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1190b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1191b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1192b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1193b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1194b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1195b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1196b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1197b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1198b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1199b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1200b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1201b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1202b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1203b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1204b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FA8D3A11FD8E0C7D37E27D9BD49191C14423F840
1205b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3080079~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1206b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1207b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1208b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1209b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1210b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1211b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1212b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1213b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1214b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1215b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1216b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1217b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1218b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1219b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1220b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1221b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1222b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1223b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1224b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1225b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1226b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1227b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1228b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1229b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1230b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1231b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1232b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
1233b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1234b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1235b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1236b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1237b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1238b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1239b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB178841F5FFC6B05E668168217B0AC222A62955
1240b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1241b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1242b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1243b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1244b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1245b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1246b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1247b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1248b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1249b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1250b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1251b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1252b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1253b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1254b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1255b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1256b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1257b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1258b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1259b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1260b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F106E14B85A6A3810B3775632C530956DBB7F93C
1261b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3080079~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1262b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1263b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1264b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1265b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1266b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1267b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1268b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1269b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1270b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1271b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1272b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1273b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1274b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1275b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
1276b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1277b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1278b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1279b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1280b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1281b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1282b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D58A667BECF67ECC76D4BEEDB96E9F1960013145
1283b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3080149~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1284b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1285b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1286b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1287b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1288b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1289b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1290b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1291b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1292b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1293b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1294b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1295b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1296b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1297b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1298b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1299b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1300b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1301b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1302b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1303b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1304b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1305b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1306b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1307b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1308b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1309b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1310b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1311b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=74F9AAFE24EF95069102DE961F378D842F3D1491
1312b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3080079~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1313b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1314b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1315b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1316b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1317b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1318b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1319b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C638AD44DA41A2D1E72B39510DB3D8D21C9DFE2
1320b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3080149~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1321b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1322b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1323b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1324b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1325b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1326b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F04DD1F6B058DBA819A75975ED20181EE669FBAD
1327b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3080149~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1328b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1329b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1330b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1331b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007dbeb0:C:\Windows\system32 [calling]
1332b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\crypt32.dll'
1333b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1334b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1335b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1336b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1337b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1338b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1339b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1340b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1341b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1342b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1343b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1344b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1345b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1346b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1347b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1348b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1349b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1350b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1351b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1352b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1353b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1354b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1355b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1356b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1357b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1358b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1359b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1360b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1361b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1362b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1363b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xa29fd267fe3d378d C=UA, ST=Kyiv, L=Kyiv, O=GlobalLogic Ukraine, OU=IT, CN=GlobalLogic Ukraine IT Certificate Authority, Email=oleksii.gnatkevych@globallogic.com
1364b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x88ebd49ac96c200 DC=com, DC=synapse, CN=Induslogic
1365b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x18e8578a598bd700 DC=com, DC=synapse, CN=Induslogic
1366b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0xb41b710527688d00 DC=com, DC=synapse, CN=Induslogic
1367b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x26e092f899b6d300 DC=com, DC=synapse, CN=Induslogic
1368b98.101c: supR3HardenedWinIsDesiredRootCA: Adding 0x26e092f899b6d300 DC=com, DC=synapse, CN=Induslogic
1369b98.101c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=36
1370b98.101c: SUPR3HardenedMain: Load Runtime...
1371b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1372b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1373b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1374b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1375b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1376b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1377b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1378b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1379b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1380b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1381b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1382b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1383b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1384b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1385b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1386b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1387b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1388b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1389b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1390b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1391b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1392b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1393b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1394b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1395b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1396b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1397b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1398b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1399b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1400b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1401b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1402b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1403b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1404b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1405b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1406b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1407b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003fc pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1408b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1409b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1410b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1411b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1412b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1413b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1414b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1415b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1416b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1417b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1418b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1419b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1420b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1421b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1422b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1423b98.101c: supR3HardenedDllNotificationCallback: load 000007feeac90000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1424b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1425b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1426b98.101c: supR3HardenedDllNotificationCallback: load 0000000068370000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1427b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1428b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1429b98.101c: supR3HardenedDllNotificationCallback: load 0000000068490000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1430b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1431b98.101c: supR3HardenedDllNotificationCallback: load 000007feff520000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1432b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1433b98.101c: supR3HardenedDllNotificationCallback: load 000007feff9d0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1434b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1435b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1436b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1437b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1438b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1439b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1440b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1441b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1442b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1443b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1444b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1445b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1446b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1447b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1448b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1449b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1450b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1451b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1452b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1453b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1454b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1455b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1456b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1457b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1458b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1459b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1460b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1461b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1462b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1463b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1464b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1465b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1466b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1467b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1468b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1469b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1470b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1471b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1472b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1473b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1474b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1475b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1476b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1477b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1478b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1479b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Skype\Phone\;C:\PROGRA~2\Oracle\VirtualBox; [calling]
1480b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1481b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1482b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1483b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeac90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1484b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1485b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000077d660:C:\Windows\system32 [calling]
1486b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\Windows\system32\Wintrust.dll'
1487b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1488b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000077d660:C:\Windows\system32 [calling]
1489b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\crypt32.dll'
1490b98.101c: SUPR3HardenedMain: Load TrustedMain...
1491b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1492b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1493b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1494b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1495b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1496b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1497b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1498b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1499b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1500b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1501b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1502b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1503b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1504b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1505b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1506b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1507b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1508b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1509b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1510b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1511b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1512b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1513b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1514b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1515b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1516b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1517b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1518b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1519b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1520b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1521b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1522b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1523b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1524b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1525b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1526b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1527b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1528b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1529b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1530b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1531b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1532b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1533b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1534b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1535b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1536b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1537b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1538b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1539b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1540b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1541b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1542b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1543b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1544b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1545b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1546b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1547b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1548b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1549b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1550b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1551b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1552b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1553b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1554b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1555b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1556b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1557b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
1558b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1559b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1560b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1561b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1562b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1563b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1564b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1565b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1566b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1567b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1568b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1569b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1570b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1571b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFB6DE3310787DB5AA8840686B5D9DA8254FC449
1572b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3079757~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1573b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1574b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1575b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1576b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1577b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1578b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1579b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1580b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1581b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1582b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1583b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1584b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1585b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1586b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1587b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1588b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1589b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1590b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1591b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1592b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1593b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1594b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1595b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1596b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1597b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1598b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1599b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1600b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1601b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1602b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1603b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
1604b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1605b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1606b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1607b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1608b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1609b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1610b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1611b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1612b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1613b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1614b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1615b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1616b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1617b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1618b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1619b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1620b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1621b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1622b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1623b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1624b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1625b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1626b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1627b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1628b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1629b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1630b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1631b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1632b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1633b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1634b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1635b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1636b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1637b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1638b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1639b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1640b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1641b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1642b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1643b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1644b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1645b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1646b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1647b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1648b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1649b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1650b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1651b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1652b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1653b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1654b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1655b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1656b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1657b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1658b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1659b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1660b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1661b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1662b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1663b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1664b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1665b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1666b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1667b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1668b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1669b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1670b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1671b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1672b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1673b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1674b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1675b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1676b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1677b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1678b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1679b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1680b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1681b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1682b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1683b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1684b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1685b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1686b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1687b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1688b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1689b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1690b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1691b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1692b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1693b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1695b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1696b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1697b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1698b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1699b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1700b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1701b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1702b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1703b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1704b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1705b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1706b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1707b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1708b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1709b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1710b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1711b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1712b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1713b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1714b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1715b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1716b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1717b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1718b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1719b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1720b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1721b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1722b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1723b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1724b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1725b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1726b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1727b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1728b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1729b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1730b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1731b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1732b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1733b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1734b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1735b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1736b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1737b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1738b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1739b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1740b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1741b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1742b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1743b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1744b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1745b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1746b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1747b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1748b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1749b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1750b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1751b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1752b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1753b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1754b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1755b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1756b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1757b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1758b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1759b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1760b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1761b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1762b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1763b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1764b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1765b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1766b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1767b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1768b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1769b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1770b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1771b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1772b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1773b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1774b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1775b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1776b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1777b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1778b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1779b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1780b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1781b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1782b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1783b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1784b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1785b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1786b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1787b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1788b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1789b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1790b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1791b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1792b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1793b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1794b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1795b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1796b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1797b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1798b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1799b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1800b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1801b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1802b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1803b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1804b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1805b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1806b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1807b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1808b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1809b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1810b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1811b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1812b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1813b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1814b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1815b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1816b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1817b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1818b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1819b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1820b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1821b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1822b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1823b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1824b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1825b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1826b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1827b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1828b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1829b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1830b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1831b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1832b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1833b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1834b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1835b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1836b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1837b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1838b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1839b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1840b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1841b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1842b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1843b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1844b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1845b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1846b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1847b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1848b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1849b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1850b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1851b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1852b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1853b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1854b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1855b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1856b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1857b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1858b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1859b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1860b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1861b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1862b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1863b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1864b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1865b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
1866b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1867b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1868b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1869b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1870b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1871b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1872b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1873b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1874b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1875b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1876b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1877b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1878b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1879b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1880b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1881b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1882b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1883b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1884b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1885b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1886b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1887b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1888b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1889b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1890b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1891b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1892b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1893b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1894b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1895b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1896b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1897b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
1898b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1899b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1900b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1901b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1902b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1903b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1904b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1905b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1906b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1907b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1908b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1909b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1910b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1911b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1912b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1913b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1914b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1915b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1916b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1917b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1918b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1919b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1920b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1921b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1922b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1923b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1924b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1925b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1926b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1927b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1928b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1929b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1930b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1931b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1932b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1933b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1934b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1935b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1936b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1937b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1938b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1939b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1940b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1941b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
1942b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
1943b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1944b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1945b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1946b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1947b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1948b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1949b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1950b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1951b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1952b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1953b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1954b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1955b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1956b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1957b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1958b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1959b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1960b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1961b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1962b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1963b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1964b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1965b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1966b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1967b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1968b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1969b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1970b98.101c: supR3HardenedDllNotificationCallback: load 000007fee5d20000 LB 0x00ab9000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1971b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1972b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1973b98.101c: supR3HardenedDllNotificationCallback: load 000007fef4a00000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1974b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1975b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1976b98.101c: supR3HardenedDllNotificationCallback: load 000007fef49d0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1977b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1978b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1979b98.101c: supR3HardenedDllNotificationCallback: load 000007fef48d0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1980b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1981b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1982b98.101c: supR3HardenedDllNotificationCallback: load 000007fef5af0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1983b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1984b98.101c: supR3HardenedDllNotificationCallback: load 000007fefea50000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1985b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1986b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd650000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1987b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1988b98.101c: supR3HardenedDllNotificationCallback: load 000007fefec30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1989b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1990b98.101c: supR3HardenedDllNotificationCallback: load 000007feff1e0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1991b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1992b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd630000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1993b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1994b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1995b98.101c: supR3HardenedDllNotificationCallback: load 000007fefb5f0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1996b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1997b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1998b98.101c: supR3HardenedDllNotificationCallback: load 0000000067db0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1999b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2000b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2001b98.101c: supR3HardenedDllNotificationCallback: load 0000000065460000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
2002b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2003b98.101c: supR3HardenedDllNotificationCallback: load 000007fefe9b0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2004b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2005b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2006b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2007b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2008b98.101c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
2009b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2010b98.101c: supR3HardenedDllNotificationCallback: load 000007fef99a0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
2011b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
2012b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd910000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2013b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2014b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2015b98.101c: supR3HardenedDllNotificationCallback: load 000007fefafb0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2016b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2017b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2018b98.101c: supR3HardenedDllNotificationCallback: load 000007fef6f60000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2019b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2020b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2021b98.101c: supR3HardenedDllNotificationCallback: load 0000000068260000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
2022b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2023b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2024b98.101c: supR3HardenedDllNotificationCallback: load 0000000072d60000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
2025b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2026b98.101c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
2027b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
2028b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2029b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2030b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2031b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2032b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2033b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2034b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2035b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd680:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2036b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\imm32.dll'
2037b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d20000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2038b98.101c: SUPR3HardenedMain: Calling TrustedMain (000007fee5d210d0)...
2039b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2040b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2041b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
2042b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000598 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2043b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2044b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2045b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2046b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2047b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2048b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2049b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2050b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2051b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2052b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2053b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2054b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2055b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2056b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2057b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2058b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2059b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b56e40:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2060b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2061b98.101c: supR3HardenedDllNotificationCallback: load 000007fefc330000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2062b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2063b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\uxtheme.dll'
2064b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2065b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b56e40:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2066b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\uxtheme.dll'
2067b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2068b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b57b50:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2069b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\uxtheme.dll'
2070b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2071b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b57b50:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2072b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\uxtheme.dll'
2073b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2074b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2075b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5f0000 'C:\Windows\system32\dwmapi.dll'
2076b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2077b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2078b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\CRYPTBASE.dll'
2079b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2080b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2081b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\Windows\system32\shell32.dll'
2082b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2083b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2084b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\Windows\system32\kernel32.dll'
2085b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2086b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2087b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\uxtheme.dll'
2088b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2089b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2090b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\uxtheme.dll'
2091b98.101c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2092b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2093b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2094b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
2095b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2096b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2097b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc330000 'C:\Windows\system32\uxtheme.dll'
2098b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
2099b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\advapi32.dll'
2100b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2101b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2102b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd690000 'C:\Windows\system32\userenv.dll'
2103b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2104b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2105b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\Windows\system32\kernel32.dll'
2106b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f8 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2107b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2108b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2109b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2110b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2111b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2112b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2113b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2114b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2115b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2116b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2117b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2118b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
2119b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2120b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2121b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2122b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2123b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2124b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2125b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2126b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2127b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2128b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2129b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2130b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2131b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2132b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2133b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2134b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2135b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd3b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2136b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2137b98.101c: supR3HardenedDllNotificationCallback: load 000007fefe830000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2138b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2139b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe830000 'C:\Windows\system32\CLBCatQ.DLL'
2140b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\ADVAPI32.dll'
2141b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2142b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd9e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2143b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\Windows\system32\CRYPTSP.dll'
2144b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2145b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2146b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2147b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2148b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2149b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2150b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2151b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2152b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2153b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2154b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2155b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bd9e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2156b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2157b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2158b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2159b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3d0000 'C:\Windows\system32\RpcRtRemote.dll'
2160b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2161b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2162b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
2163b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2164b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2165b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
2166b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2167b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2168b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2169b98.e6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2170b98.e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2171b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2172b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2173b98.e6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2174b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2175b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2176b98.e6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2177b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2178b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2179b98.e6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2180b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2181b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2182b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000065c pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
2183b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2184b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2185b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
2186b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
2187b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2188b98.e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2189b98.e6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
2190b98.e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
2191b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2192b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2193b98.e6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2194b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2195b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2196b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
2197b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
2198b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
2199b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2200b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2201b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
2202b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
2203b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2204b98.e6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
2205b98.e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2206b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2207b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2208b98.e6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2209b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2210b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2211b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2212b98.e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2213b98.e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d57b0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2214b98.e6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2215b98.e6c: supR3HardenedDllNotificationCallback: load 000007feea6b0000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2216b98.e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2217b98.e6c: supR3HardenedDllNotificationCallback: load 00000000778a0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
2218b98.e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
2219b98.e6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2220b98.e6c: supR3HardenedDllNotificationCallback: load 000007fefc560000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
2221b98.e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2222b98.e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea6b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2223b98.e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2224b98.e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b57ec0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2225b98.e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec30000 'C:\Windows\system32\oleaut32.dll'
2226b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000664 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
2227b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2228b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2229b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
2230b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
2231b98.e6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2232b98.e6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
2233b98.e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
2234b98.e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bde60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2235b98.e6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2236b98.e6c: supR3HardenedDllNotificationCallback: load 000007fefd330000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
2237b98.e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2238b98.e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd330000 'C:\Windows\system32\SXS.DLL'
2239b98.e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\ADVAPI32.dll'
2240b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2241b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2242b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec30000 'C:\Windows\system32\OLEAUT32.dll'
2243b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\ADVAPI32.dll'
2244b98.101c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2245b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2246b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2247b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\gdi32.dll'
2248b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
2249b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\ADVAPI32.DLL'
2250b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
2251b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2252b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
2253b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtcorevbox4.dll'.
2254b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtguivbox4.dll'.
2255b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtopenglvbox4.dll'.
2256b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
2257b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe)
2258b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
2259b98.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe'
2260b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a4c pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
2261b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2262b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2263b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8FFB8CDACDC5C9C6D9256E97FB0710E2753FFAA1
2264b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3045645~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
2265b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2266b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
2267b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2268b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2269b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2270b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2271b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
2272b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
2273b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2274b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
2275b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
2276b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2277b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
2278b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
2279b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2280b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2281b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2282b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2283b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2284b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2285b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2286b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2287b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2288b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2289b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2290b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
2291b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2292b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2293b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2294b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2295b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2296b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2297b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2298b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2299b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2300b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2301b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2302b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2303b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2304b98.101c: supR3HardenedDllNotificationCallback: load 000007fefd2c0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2305b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2306b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2c0000 'C:\Windows\system32\apphelp.dll'
2307b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2308b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be010:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2309b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1e0000 'C:\Windows\system32\ole32.dll'
2310b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2311b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b57f70:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2312b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'C:\Windows\system32\MSCTF.dll'
2313b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2314b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be0a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2315b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1e0000 'C:\Windows\system32\ole32.dll'
2316b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2317b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be0a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2318b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec30000 'C:\Windows\system32\OLEAUT32.dll'
2319b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a78 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2320b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2321b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2322b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2323b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2324b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2325b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2326b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2327b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2328b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2329b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2330b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2331b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2332b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2333b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2334b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2335b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2336b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2337b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2338b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2339b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2340b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2341b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2342b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2343b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2344b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2345b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2346b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2347b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2348b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2349b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2350b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2351b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2352b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2353b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2354b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2355b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2356b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2357b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2358b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2359b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2360b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2361b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2362b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2363b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2364b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2365b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2366b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2367b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2368b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2369b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2370b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2371b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002be4f50:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2372b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2373b98.101c: supR3HardenedDllNotificationCallback: load 000007fef8a60000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2374b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2375b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2376b98.101c: supR3HardenedDllNotificationCallback: load 000007fef8d70000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2377b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2378b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a60000 'C:\Windows\system32\wbem\wbemprox.dll'
2379b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aac pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2380b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2381b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2382b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2383b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2384b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2385b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2386b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2387b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2388b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2389b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2390b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2391b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2392b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2393b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002be4f50:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2394b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2395b98.101c: supR3HardenedDllNotificationCallback: load 000007fef8a40000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2396b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2397b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a40000 'C:\Windows\system32\wbem\wbemsvc.dll'
2398b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2399b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2400b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2401b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2402b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2403b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2404b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2405b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2406b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2407b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2408b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2409b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2410b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2411b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2412b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2413b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2414b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a88 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2415b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2416b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2417b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2418b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2419b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2420b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2421b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2422b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2423b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2424b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2425b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2426b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2427b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2428b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2429b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2430b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2431b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2432b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2433b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2434b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2435b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2436b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2437b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2438b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2439b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2440b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2441b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2442b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2443b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2444b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002be4f50:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2445b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2446b98.101c: supR3HardenedDllNotificationCallback: load 000007fef8b10000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2447b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2448b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2449b98.101c: supR3HardenedDllNotificationCallback: load 000007fef8a70000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2450b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2451b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8b10000 'C:\Windows\system32\wbem\fastprox.dll'
2452b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec30000 'C:\Windows\system32\OLEAUT32.dll'
2453b98.101c: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
2454b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
2455b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2456b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2457b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2458b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2459b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2460b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2461b98.101c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2462b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004b0d7c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2463b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99a0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2464b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec30000 'C:\Windows\system32\OLEAUT32.DLL'
2465b98.978: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2466b98.978: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2467b98.978: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2468b98.978: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2469b98.978: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2470b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2471b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2472b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2473b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2474b98.978: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2475b98.978: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2476b98.978: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2477b98.978: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2478b98.978: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2479b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2480b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2481b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2482b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2483b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2484b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2485b98.978: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2486b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2487b98.978: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2488b98.978: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2489b98.978: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2490b98.978: supR3HardenedDllNotificationCallback: load 000007feea410000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2491b98.978: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2492b98.978: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2493b98.978: supR3HardenedDllNotificationCallback: load 0000000069750000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2494b98.978: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2495b98.978: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea410000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2496b98.a54: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
2497b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
2498b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
2499b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
2500b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
2501b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
2502b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2503b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2504b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2505b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
2506b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
2507b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
2508b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2509b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
2510b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
2511b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
2512b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2513b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
2514b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
2515b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
2516b98.c64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
2517b98.c64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
2518b98.c64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
2519b98.c64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
2520b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2521b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2522b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2523b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2524b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2525b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2526b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2527b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2528b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2529b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2530b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2531b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2532b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2533b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2534b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2535b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2536b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2537b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
2538b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2539b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'kdcom.dll'.
2540b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'clfs.sys'.
2541b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ci.dll'.
2542b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe) WinVerifyTrust
2543b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2544b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2545b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2546b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2547b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2548b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2549b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2550b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2551b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
2552b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys) WinVerifyTrust
2553b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
2554b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2555b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2556b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2557b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2558b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2559b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys) WinVerifyTrust
2560b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2561b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2562b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2563b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2564b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2565b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2566b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2567b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2568b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2569b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2570b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2571b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2572b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
2573b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2574b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2575b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2576b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
2577b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2578b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll) WinVerifyTrust
2579b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
2580b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2581b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2582b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2583b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2584b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
2585b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2586b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys) WinVerifyTrust
2587b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
2588b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2589b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2590b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2591b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2592b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2593b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2594b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
2595b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
2596b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2597b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll) WinVerifyTrust
2598b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
2599b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
2600b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume2\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
2601b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2602b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clfs.sys) WinVerifyTrust
2603b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clfs.sys
2604b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2605b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2606b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2607b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2608b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll) WinVerifyTrust
2609b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
2610b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2611b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2612b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2613b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2614b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2615b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2616b98.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2617b98.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL) WinVerifyTrust
2618b98.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
2619b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2620b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2621b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2622b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2623b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2624b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2625b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2626b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2627b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2628b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2629b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2630b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2631b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2632b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2633b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2634b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2635b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2636b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2637b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2638b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2639b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2640b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
2641b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2642b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2643b98.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll
2644b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2645b98.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2646b98.c64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2647b98.c64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2648b98.c64: supR3HardenedDllNotificationCallback: load 000007fefaed0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2649b98.c64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2650b98.c64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaed0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2651b98.a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2652b98.a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2653b98.a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2654b98.a60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2655b98.a60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2656b98.a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2657b98.a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2658b98.a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2659b98.a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2660b98.a60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2661b98.a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2662b98.a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2663b98.a60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2664b98.a60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2665b98.a60: supR3HardenedDllNotificationCallback: load 000007fefab40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2666b98.a60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2667b98.a60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab40000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2668b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
2669b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2670b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2671b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2672b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2673b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
2674b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2675b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2676b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2677b98.1740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
2678b98.1740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2679b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2680b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2681b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2682b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2683b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2684b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2685b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
2686b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
2687b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2688b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2689b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2690b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2691b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2692b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2693b98.1740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
2694b98.1740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2695b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2696b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2697b98.1740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2698b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2699b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2700b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2701b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2702b98.1740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2703b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2704b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2705b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2706b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2707b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2708b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2709b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2710b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2711b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2712b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2713b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2714b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2715b98.1740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2716b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2717b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2718b98.1740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2719b98.1740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2720b98.1740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2721b98.1740: supR3HardenedDllNotificationCallback: load 000007feeb620000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
2722b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2723b98.1740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2724b98.1740: supR3HardenedDllNotificationCallback: load 000007fef7360000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
2725b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2726b98.1740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2727b98.1740: supR3HardenedDllNotificationCallback: load 000007fef6be0000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
2728b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2729b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb620000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
2730b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2731b98.1740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2732b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6be0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
2733b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2734b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2735b98.1740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
2736b98.1740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2737b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2738b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2739b98.1740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2740b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2741b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2742b98.1740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2743b98.1740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2744b98.1740: supR3HardenedDllNotificationCallback: load 000007fef67d0000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
2745b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2746b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef67d0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
2747b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2748b98.1740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2749b98.1740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2750b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32/opengl32.dll'
2751b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2752b98.1740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2753b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2754b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\gdi32.dll'
2755b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\gdi32.dll'
2756b98.1740: \Device\HarddiskVolume2\Windows\System32\ig75icd64.dll: Owner is administrators group.
2757b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c68 pwszName=\Device\HarddiskVolume2\Windows\System32\ig75icd64.dll
2758b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2759b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2760b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C09F52F79FC4E3FFEA609BA6526C3FA78FBE15E2
2761b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem429.cat'; file='\Device\HarddiskVolume2\Windows\System32\ig75icd64.dll'
2762b98.1740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2763b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
2764b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'igdusc64.dll'.
2765b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'dwmapi.dll'.
2766b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2767b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2768b98.1740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2769b98.1740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ig75icd64.dll) WinVerifyTrust
2770b98.1740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ig75icd64.dll
2771b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2772b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2773b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2774b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2775b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2776b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2777b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
2778b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
2779b98.1740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2780b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'igdusc64.dll'...
2781b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'igdusc64.dll' -> '\Device\HarddiskVolume2\Windows\System32\igdusc64.dll' [rcNtRedir=0xc0150008]
2782b98.1740: \Device\HarddiskVolume2\Windows\System32\igdusc64.dll: Owner is administrators group.
2783b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c78 pwszName=\Device\HarddiskVolume2\Windows\System32\igdusc64.dll
2784b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2785b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2786b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2A6D5A54A34D9106CB7ECAA0647AEA08917FEE44
2787b98.1740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem429.cat'; file='\Device\HarddiskVolume2\Windows\System32\igdusc64.dll'
2788b98.1740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2789b98.1740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\igdusc64.dll) WinVerifyTrust
2790b98.1740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\igdusc64.dll
2791b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2792b98.1740: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2793b98.1740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ig75icd64.dll (Input=ig75icd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2794b98.1740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ig75icd64.dll
2795b98.1740: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x006dc000 C:\Windows\system32\ig75icd64.dll [fFlags=0x0]
2796b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ig75icd64.dll
2797b98.1740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\igdusc64.dll
2798b98.1740: supR3HardenedDllNotificationCallback: load 000007fef51f0000 LB 0x00434000 C:\Windows\system32\igdusc64.dll [fFlags=0x0]
2799b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\igdusc64.dll
2800b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\gdi32.dll'
2801b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000180000000 'C:\Windows\system32\ig75icd64.dll'
2802b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\gdi32.dll'
2803b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\gdi32.dll'
2804b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2805b98.1740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2806b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc560000 'C:\Windows\system32\version.dll'
2807b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2808b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2809b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2810b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2811b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2812b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2813b98.1740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2814b98.1740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0d190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2815b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2816b98.1740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Windows\system32\OPENGL32.dll'
2817b98.1248: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2818b98.1248: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2819b98.1248: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2820b98.1248: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2821b98.1248: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2822b98.1248: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2823b98.1248: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2824b98.1248: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2825b98.1248: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2826b98.1248: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2827b98.1248: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2828b98.1248: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2829b98.1248: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2830b98.1248: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2831b98.1248: supR3HardenedDllNotificationCallback: load 000007fef72a0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2832b98.1248: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2833b98.1248: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef72a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2834b98.9b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2835b98.9b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2836b98.9b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2837b98.9b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2838b98.9b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2839b98.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2840b98.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2841b98.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2842b98.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2843b98.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2844b98.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2845b98.9b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2846b98.9b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2847b98.9b0: supR3HardenedDllNotificationCallback: load 000007fef70d0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2848b98.9b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2849b98.9b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef70d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2850b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2851b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2852b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2853b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\Windows\system32/Shell32.dll'
2854b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1e0000 'C:\Windows\system32\ole32.dll'
2855b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2856b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2857b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2858b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2859b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\profapi.dll'
2860b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2861b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2862b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2863b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2864b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2865b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2866b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2867b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2868b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2869b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2870b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2871b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2872b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2873b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2874b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dcc pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2875b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2876b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2877b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2878b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2879b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2880b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2881b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2882b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2883b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2884b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2885b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2886b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2887b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2888b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2889b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2890b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2891b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2892b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2893b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2894b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2895b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2896b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2897b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2898b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2899b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2900b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2901b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2902b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2903b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2904b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2905b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2906b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2907b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2908b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2909b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2910b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2911b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2912b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2913b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2914b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2915b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2916b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2917b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2918b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2919b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2920b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2921b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2922b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2923b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ddc pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
2924b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2925b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2926b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
2927b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
2928b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2929b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2930b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2931b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2932b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2933b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2934b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2935b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2936b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
2937b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
2938b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2939b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2940b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2941b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2942b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2943b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2944b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2945b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2946b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2947b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2948b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2949b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2950b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2951b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2952b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2953b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2954b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2955b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2956b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2957b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2958b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc0 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2959b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
2960b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
2961b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2962b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2963b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2964b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2965b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2966b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2967b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2968b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2969b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2970b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2971b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2972b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2973b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2974b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2975b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2976b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2977b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2978b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2979b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2980b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2981b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2982b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2983b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2984b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2985b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2986b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2987b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2988b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2989b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2990b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2991b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2992b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2993b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2994b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2995b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2996b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2997b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2998b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2999b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
3000b98.a54: supR3HardenedDllNotificationCallback: load 000007fee4a00000 LB 0x008e2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
3001b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
3002b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3003b98.a54: supR3HardenedDllNotificationCallback: load 000007fef62c0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
3004b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3005b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
3006b98.a54: supR3HardenedDllNotificationCallback: load 000007fef64d0000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
3007b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
3008b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3009b98.a54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
3010b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
3011b98.a54: supR3HardenedDllNotificationCallback: load 000007fefc750000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
3012b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
3013b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3014b98.a54: supR3HardenedDllNotificationCallback: load 000007fef63c0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
3015b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3016b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3017b98.a54: supR3HardenedDllNotificationCallback: load 000007fefb370000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
3018b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3019b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
3020b98.a54: supR3HardenedDllNotificationCallback: load 000007fefb630000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
3021b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
3022b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4a00000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
3023b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dd4 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
3024b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3025b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3026b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
3027b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
3028b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3029b98.a54: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
3030b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
3031b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3032b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3033b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3034b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
3035b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea6b0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
3036b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3037b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3038b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3039b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef63c0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
3040b98.1558: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3041b98.1558: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3042b98.1558: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3043b98.1558: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3044b98.1558: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3045b98.1558: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3046b98.1558: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3047b98.1558: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3048b98.1558: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3049b98.1558: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3050b98.1558: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3051b98.1558: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3052b98.1558: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3053b98.1558: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3054b98.1558: supR3HardenedDllNotificationCallback: load 000007fef6d10000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3055b98.1558: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3056b98.1558: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6d10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
3057b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3058b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3059b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3060b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb370000 'C:\Windows\system32/Iphlpapi.dll'
3061b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef4 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3062b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3063b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3064b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
3065b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
3066b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3067b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3068b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
3069b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
3070b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
3071b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
3072b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3073b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3074b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3075b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
3076b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3077b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3078b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3079b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3080b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3081b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3082b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0de80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3083b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3084b98.a54: supR3HardenedDllNotificationCallback: load 000007fefa560000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
3085b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3086b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\Windows\system32\dhcpcsvc.DLL'
3087b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3088b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0de80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3089b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb370000 'C:\Windows\system32\IPHLPAPI.DLL'
3090b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000efc pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3091b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3092b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3093b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
3094b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
3095b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3096b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3097b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
3098b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
3099b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
3100b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3101b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3102b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3103b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3104b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3105b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3106b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3107b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0de80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3108b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3109b98.a54: supR3HardenedDllNotificationCallback: load 000007fefa520000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
3110b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3111b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa520000 'C:\Windows\system32\dhcpcsvc6.DLL'
3112b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3113b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0de80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3114b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb370000 'C:\Windows\system32\IPHLPAPI.DLL'
3115b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f80 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
3116b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3117b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3118b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
3119b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
3120b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3121b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3122b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3123b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3124b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3125b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
3126b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
3127b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
3128b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
3129b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
3130b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
3131b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f84 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
3132b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3133b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3134b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
3135b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
3136b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3137b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3138b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3139b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3140b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
3141b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
3142b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3143b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3144b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3145b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3146b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3147b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3148b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3149b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3150b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3151b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3152b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3153b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3154b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3155b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3156b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3157b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3158b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3159b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3160b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e150:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3161b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3162b98.a54: supR3HardenedDllNotificationCallback: load 000007fef4840000 LB 0x00088000 C:\Windows\system32\dsound.dll [fFlags=0x0]
3163b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3164b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
3165b98.a54: supR3HardenedDllNotificationCallback: load 000007fefb9b0000 LB 0x0002c000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0]
3166b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
3167b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3168b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e420:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3169b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4840000 'C:\Windows\system32\dsound.dll'
3170b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4840000 'C:\Windows\system32/dsound.dll'
3171b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa8 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3172b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3173b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3174b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
3175b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
3176b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3177b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3178b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3179b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3180b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
3181b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3182b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3183b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
3184b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
3185b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f8c pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
3186b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3187b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3188b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
3189b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
3190b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3191b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3192b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
3193b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
3194b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3195b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3196b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
3197b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
3198b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3199b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3200b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3201b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3202b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3203b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3204b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3205b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3206b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3207b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3208b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3209b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3210b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3211b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3212b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
3213b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3214b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3215b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b57d60:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3216b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3217b98.a54: supR3HardenedDllNotificationCallback: load 000007fefb950000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
3218b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3219b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3220b98.a54: supR3HardenedDllNotificationCallback: load 000007fefb820000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
3221b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3222b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\ADVAPI32.dll'
3223b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb950000 'C:\Windows\System32\MMDevApi.dll'
3224b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1e0000 'C:\Windows\system32\ole32.dll'
3225b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3226b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3227b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea50000 'C:\Windows\system32\SETUPAPI.dll'
3228b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
3229b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3230b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'C:\Windows\system32\SHLWAPI.dll'
3231b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3232b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3233b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb950000 'C:\Windows\system32\MMDEVAPI.DLL'
3234b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1e0000 'C:\Windows\system32\ole32.dll'
3235b98.4d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ig75icd64.dll
3236b98.4d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ig75icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b58910:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3237b98.4d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000180000000 'C:\Windows\system32\ig75icd64.dll'
3238b98.4d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
3239b98.4d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3240b98.4d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd650000 'C:\Windows\system32\CFGMGR32.dll'
3241b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3242b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3243b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3244b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3245b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
3246b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3247b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
3248b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'C:\Windows\system32\RPCRT4.dll'
3249b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3250b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3251b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb950000 'C:\Windows\system32\MMDevAPI.DLL'
3252b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fe4 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3253b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3254b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3255b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
3256b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
3257b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3258b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3259b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3260b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3261b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3262b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3263b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
3264b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3265b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
3266b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
3267b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3268b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3269b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3270b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd0 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
3271b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3272b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3273b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
3274b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
3275b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3276b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
3277b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
3278b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3279b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3280b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3281b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3282b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3283b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff4 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
3284b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3285b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3286b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
3287b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
3288b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3289b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3290b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
3291b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3292b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3293b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3294b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3295b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3296b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3297b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3298b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3299b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3300b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3301b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3302b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3303b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3304b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3305b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3306b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3307b98.a54: supR3HardenedDllNotificationCallback: load 000007fef6330000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
3308b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3309b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3310b98.a54: supR3HardenedDllNotificationCallback: load 0000000075090000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
3311b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3312b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3313b98.a54: supR3HardenedDllNotificationCallback: load 000007fefb610000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
3314b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3315b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6330000 'C:\Windows\system32\wdmaud.drv'
3316b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3317b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3318b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6330000 'C:\Windows\system32\wdmaud.drv'
3319b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3320b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e300:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3321b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6330000 'C:\Windows\system32\wdmaud.drv'
3322b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3323b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e420:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3324b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6330000 'C:\Windows\system32\wdmaud.drv'
3325b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3326b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e420:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3327b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6330000 'C:\Windows\system32\wdmaud.drv'
3328b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff8 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3329b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3330b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3331b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
3332b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
3333b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3334b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3335b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3336b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3337b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
3338b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3339b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3340b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3341b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
3342b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3343b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3344b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3345b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3346b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3347b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3348b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3349b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3350b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3351b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3352b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
3353b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3354b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3355b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3356b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3357b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3358b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3359b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e420:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3360b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3361b98.a54: supR3HardenedDllNotificationCallback: load 000007fefaef0000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
3362b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3363b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaef0000 'C:\Windows\system32\AUDIOSES.DLL'
3364b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3365b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e420:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3366b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6330000 'C:\Windows\system32\wdmaud.drv'
3367b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3368b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3369b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6330000 'C:\Windows\system32\wdmaud.drv'
3370b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6330000 'C:\Windows\system32\wdmaud.drv'
3371b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000101c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3372b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3373b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3374b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
3375b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3376b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3377b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3378b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3379b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3380b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3381b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3382b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3383b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3384b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3385b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3386b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3387b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3388b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3389b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001030 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
3390b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3391b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3392b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
3393b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
3394b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3395b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3396b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3397b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3398b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3399b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3400b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3401b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3402b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3403b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3404b98.a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3405b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3406b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3407b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3408b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3409b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3410b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3411b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3412b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3413b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3414b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3415b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3416b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3417b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3418b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3419b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3420b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3421b98.a54: supR3HardenedDllNotificationCallback: load 000007fef6bd0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
3422b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3423b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3424b98.a54: supR3HardenedDllNotificationCallback: load 000007fef6390000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
3425b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3426b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3427b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3428b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3429b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3430b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3431b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3432b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3433b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3434b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3435b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3436b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3437b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3438b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3439b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3440b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3441b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3442b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3443b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3444b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3445b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3446b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3447b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bd0000 'C:\Windows\system32\msacm32.drv'
3448b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001028 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3449b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3450b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3451b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3452b98.a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3453b98.a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3454b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3455b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3456b98.a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3457b98.a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3458b98.a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3459b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3460b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3461b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3462b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3463b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3464b98.a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3465b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3466b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3467b98.a54: supR3HardenedDllNotificationCallback: load 000007fef6810000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
3468b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3469b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6810000 'C:\Windows\system32\midimap.dll'
3470b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3471b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3472b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6810000 'C:\Windows\system32\midimap.dll'
3473b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3474b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3475b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6810000 'C:\Windows\system32\midimap.dll'
3476b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3477b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3478b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6810000 'C:\Windows\system32\midimap.dll'
3479b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3480b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3481b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3482b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1e0000 'C:\Windows\system32\ole32.dll'
3483b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3484b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3485b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3486b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3487b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3488b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3489b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b585a0:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3490b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4840000 'C:\Windows\System32\dsound.dll'
3491b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3492b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3493b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafb0000 'C:\Windows\system32\winmm.dll'
3494b98.13a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec30000 'C:\Windows\system32\OLEAUT32.dll'
3495b98.a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3496b98.a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e4b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3497b98.a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3498b98.a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\Windows\system32/kernel32.dll'
3499b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001198 pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll
3500b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3501b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3502b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
3503b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bddd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3504b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\Windows\system32\WINTRUST.DLL'
3505b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
3506b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007bddd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3507b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\CRYPT32.dll'
3508b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77B48D4C63C7308FE42B2B7DF054999F6CE86C20
3509b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
3510b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll'
3511b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3512b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3513b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
3514b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3515b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3516b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll) WinVerifyTrust
3517b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll
3518b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3519b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3520b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3521b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3522b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
3523b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
3524b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
3525b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3526b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3527b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bda70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3528b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
3529b98.101c: supR3HardenedDllNotificationCallback: load 000007fefad10000 LB 0x0009c000 C:\Windows\system32\mscms.dll [fFlags=0x0]
3530b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
3531b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad10000 'C:\Windows\system32\mscms.dll'
3532b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b8 pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll
3533b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3534b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3535b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A467A1C0C873D06FC9374DE3DAC05A8C3CE89002
3536b98.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll'
3537b98.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3538b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3539b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
3540b98.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3541b98.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll) WinVerifyTrust
3542b98.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll
3543b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3544b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3545b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
3546b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
3547b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
3548b98.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
3549b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3550b98.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3551b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bda70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3552b98.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
3553b98.101c: supR3HardenedDllNotificationCallback: load 000007fefaa70000 LB 0x00042000 C:\Windows\system32\icm32.dll [fFlags=0x0]
3554b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
3555b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa70000 'C:\Windows\system32\icm32.dll'
3556b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000113c pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
3557b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3558b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3559b98.b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
3560b98.b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007bda70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3561b98.b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\Windows\system32\WINTRUST.DLL'
3562b98.b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
3563b98.b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007bda70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3564b98.b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\CRYPT32.dll'
3565b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8E5754748E0E000AB425BF2AEB177780FB43945
3566b98.b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
3567b98.b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0eed0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3568b98.b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9910000 'C:\Windows\system32\cryptnet.dll'
3569b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2888049~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
3570b98.b94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3571b98.b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3572b98.b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3573b98.b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3574b98.b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
3575b98.b94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
3576b98.b94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3577b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3578b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3579b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3580b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3581b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3582b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3583b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3584b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3585b98.b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be400:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3586b98.b94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3587b98.b94: supR3HardenedDllNotificationCallback: load 000007fefcc20000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
3588b98.b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3589b98.b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\mswsock.dll'
3590b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011f8 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
3591b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076a840
3592b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076a840
3593b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
3594b98.b94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
3595b98.b94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3596b98.b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
3597b98.b94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
3598b98.b94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
3599b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3600b98.b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3601b98.b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be400:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3602b98.b94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
3603b98.b94: supR3HardenedDllNotificationCallback: load 000007fefc630000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0]
3604b98.b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
3605b98.b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc630000 'C:\Windows\System32\wshtcpip.dll'
3606b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3607b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3608b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3609b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3610b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3611b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3612b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3613b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3614b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3615b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3616b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3617b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3618b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3619b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3620b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3621b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
3622b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0e660:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3623b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3624b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
3625b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be400:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3626b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\Windows\system32\shell32.dll'
3627b98.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
3628b98.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007be400:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3629b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\Windows\system32\shell32.dll'
3630b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3631b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3632b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3633b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3634b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3635b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3636b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3637b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3638b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3639b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3640b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3641b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3642b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3643b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3644b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'
3645b98.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775d0000 'C:\Windows\system32\user32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy