VirtualBox

Ticket #14907: VBoxHardening.log

File VBoxHardening.log, 370.3 KB (added by kayk, 9 years ago)
Line 
13d0.15ec: Log file opened: 5.0.10r104061 g_hStartupLog=000000000000003c g_uNtVerCombined=0x611db110
23d0.15ec: \SystemRoot\System32\ntdll.dll:
33d0.15ec: CreationTime: 2015-11-16T07:09:01.322997300Z
43d0.15ec: LastWriteTime: 2015-10-20T01:14:50.063502400Z
53d0.15ec: ChangeTime: 2015-11-19T07:55:16.822423400Z
63d0.15ec: FileAttributes: 0x20
73d0.15ec: Size: 0x1a65c0
83d0.15ec: NT Headers: 0xe0
93d0.15ec: Timestamp: 0x562593df
103d0.15ec: Machine: 0x8664 - amd64
113d0.15ec: Timestamp: 0x562593df
123d0.15ec: Image Version: 6.1
133d0.15ec: SizeOfImage: 0x1a9000 (1740800)
143d0.15ec: Resource Dir: 0x14d000 LB 0x5a028
153d0.15ec: ProductName: Microsoft® Windows® Operating System
163d0.15ec: ProductVersion: 6.1.7601.23250
173d0.15ec: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
183d0.15ec: FileDescription: NT Layer DLL
193d0.15ec: \SystemRoot\System32\kernel32.dll:
203d0.15ec: CreationTime: 2015-11-16T07:09:01.244997300Z
213d0.15ec: LastWriteTime: 2015-10-20T01:11:29.482000000Z
223d0.15ec: ChangeTime: 2015-11-19T07:55:16.978423700Z
233d0.15ec: FileAttributes: 0x20
243d0.15ec: Size: 0x11cc00
253d0.15ec: NT Headers: 0xe0
263d0.15ec: Timestamp: 0x562593c6
273d0.15ec: Machine: 0x8664 - amd64
283d0.15ec: Timestamp: 0x562593c6
293d0.15ec: Image Version: 6.1
303d0.15ec: SizeOfImage: 0x120000 (1179648)
313d0.15ec: Resource Dir: 0x117000 LB 0x528
323d0.15ec: ProductName: Microsoft® Windows® Operating System
333d0.15ec: ProductVersion: 6.1.7601.23250
343d0.15ec: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
353d0.15ec: FileDescription: Windows NT BASE API Client DLL
363d0.15ec: \SystemRoot\System32\KernelBase.dll:
373d0.15ec: CreationTime: 2015-11-16T07:09:02.446197300Z
383d0.15ec: LastWriteTime: 2015-10-20T01:11:29.482000000Z
393d0.15ec: ChangeTime: 2015-11-19T07:55:16.978423700Z
403d0.15ec: FileAttributes: 0x20
413d0.15ec: Size: 0x66e00
423d0.15ec: NT Headers: 0xe8
433d0.15ec: Timestamp: 0x562593c7
443d0.15ec: Machine: 0x8664 - amd64
453d0.15ec: Timestamp: 0x562593c7
463d0.15ec: Image Version: 6.1
473d0.15ec: SizeOfImage: 0x6b000 (438272)
483d0.15ec: Resource Dir: 0x69000 LB 0x530
493d0.15ec: ProductName: Microsoft® Windows® Operating System
503d0.15ec: ProductVersion: 6.1.7601.23250
513d0.15ec: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
523d0.15ec: FileDescription: Windows NT BASE API Client DLL
533d0.15ec: \SystemRoot\System32\apisetschema.dll:
543d0.15ec: CreationTime: 2015-11-16T07:09:03.272997300Z
553d0.15ec: LastWriteTime: 2015-10-20T01:01:42.446000000Z
563d0.15ec: ChangeTime: 2015-11-19T07:55:16.822423400Z
573d0.15ec: FileAttributes: 0x20
583d0.15ec: Size: 0x1a00
593d0.15ec: NT Headers: 0xc0
603d0.15ec: Timestamp: 0x562592bb
613d0.15ec: Machine: 0x8664 - amd64
623d0.15ec: Timestamp: 0x562592bb
633d0.15ec: Image Version: 6.1
643d0.15ec: SizeOfImage: 0x50000 (327680)
653d0.15ec: Resource Dir: 0x30000 LB 0x3f8
663d0.15ec: ProductName: Microsoft® Windows® Operating System
673d0.15ec: ProductVersion: 6.1.7601.23250
683d0.15ec: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
693d0.15ec: FileDescription: ApiSet Schema DLL
703d0.15ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
713d0.15ec: supR3HardenedWinFindAdversaries: 0x20
723d0.15ec: \SystemRoot\System32\drivers\mfeapfk.sys:
733d0.15ec: CreationTime: 2011-04-06T06:41:16.812500000Z
743d0.15ec: LastWriteTime: 2012-09-25T06:17:48.000000000Z
753d0.15ec: ChangeTime: 2014-06-23T16:17:01.673872200Z
763d0.15ec: FileAttributes: 0x20
773d0.15ec: Size: 0x294e8
783d0.15ec: NT Headers: 0xe8
793d0.15ec: Timestamp: 0x505b41aa
803d0.15ec: Machine: 0x8664 - amd64
813d0.15ec: Timestamp: 0x505b41aa
823d0.15ec: Image Version: 0.0
833d0.15ec: SizeOfImage: 0x27580 (161152)
843d0.15ec: Resource Dir: 0x26e00 LB 0x340
853d0.15ec: ProductName: SYSCORE
863d0.15ec: FileVersion: SYSCORE.15.0.0.537
873d0.15ec: PrivateBuild: SYSCORE.15.0.0.537 F16
883d0.15ec: FileDescription: Access Protection Filter Driver
893d0.15ec: \SystemRoot\System32\drivers\mfeavfk.sys:
903d0.15ec: CreationTime: 2011-04-06T06:41:16.734375000Z
913d0.15ec: LastWriteTime: 2012-09-25T06:17:58.000000000Z
923d0.15ec: ChangeTime: 2014-06-23T16:17:01.689472200Z
933d0.15ec: FileAttributes: 0x20
943d0.15ec: Size: 0x45070
953d0.15ec: NT Headers: 0xe8
963d0.15ec: Timestamp: 0x505b41c6
973d0.15ec: Machine: 0x8664 - amd64
983d0.15ec: Timestamp: 0x505b41c6
993d0.15ec: Image Version: 0.0
1003d0.15ec: SizeOfImage: 0x42e80 (274048)
1013d0.15ec: Resource Dir: 0x42480 LB 0x358
1023d0.15ec: ProductName: SYSCORE
1033d0.15ec: FileVersion: SYSCORE.15.0.0.537
1043d0.15ec: PrivateBuild: SYSCORE.15.0.0.537 F15,F16,F19
1053d0.15ec: FileDescription: Anti-Virus File System Filter Driver
1063d0.15ec: \SystemRoot\System32\drivers\mfehidk.sys:
1073d0.15ec: CreationTime: 2011-04-06T06:41:16.250000000Z
1083d0.15ec: LastWriteTime: 2012-09-25T06:18:46.000000000Z
1093d0.15ec: ChangeTime: 2014-06-23T16:17:01.720672300Z
1103d0.15ec: FileAttributes: 0x20
1113d0.15ec: Size: 0xa4758
1123d0.15ec: NT Headers: 0xe8
1133d0.15ec: Timestamp: 0x505b417b
1143d0.15ec: Machine: 0x8664 - amd64
1153d0.15ec: Timestamp: 0x505b417b
1163d0.15ec: Image Version: 0.0
1173d0.15ec: SizeOfImage: 0xa1c80 (662656)
1183d0.15ec: Resource Dir: 0x9fa00 LB 0x348
1193d0.15ec: ProductName: SYSCORE
1203d0.15ec: FileVersion: SYSCORE.15.0.0.537
1213d0.15ec: PrivateBuild: SYSCORE.15.0.0.537 F14,F15,F16,F18,F20
1223d0.15ec: FileDescription: McAfee Link Driver
1233d0.15ec: \SystemRoot\System32\drivers\mfewfpk.sys:
1243d0.15ec: CreationTime: 2011-04-06T06:41:01.796875000Z
1253d0.15ec: LastWriteTime: 2012-09-25T06:19:50.000000000Z
1263d0.15ec: ChangeTime: 2014-06-23T16:17:01.736272300Z
1273d0.15ec: FileAttributes: 0x20
1283d0.15ec: Size: 0x4a880
1293d0.15ec: NT Headers: 0xf8
1303d0.15ec: Timestamp: 0x505b418a
1313d0.15ec: Machine: 0x8664 - amd64
1323d0.15ec: Timestamp: 0x505b418a
1333d0.15ec: Image Version: 0.0
1343d0.15ec: SizeOfImage: 0x48600 (296448)
1353d0.15ec: Resource Dir: 0x47c80 LB 0x348
1363d0.15ec: ProductName: SYSCORE
1373d0.15ec: FileVersion: SYSCORE.15.0.0.537
1383d0.15ec: PrivateBuild: SYSCORE.15.0.0.537 F17,F18
1393d0.15ec: FileDescription: Anti-Virus Mini-Firewall Driver
1403d0.15ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1413d0.15ec: Calling main()
1423d0.15ec: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1433d0.15ec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1443d0.15ec: SUPR3HardenedMain: Respawn #1
1453d0.15ec: System32: \Device\HarddiskVolume2\Windows\System32
1463d0.15ec: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1473d0.15ec: KnownDllPath: C:\windows\system32
1483d0.15ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1493d0.15ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1503d0.15ec: supR3HardNtEnableThreadCreation:
1513d0.15ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007713a430 pvNtTerminateThread=000000007715c360
1523d0.15ec: supR3HardenedWinDoReSpawn(1): New child 1598.171c [kernel32].
1533d0.15ec: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
1543d0.15ec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077110000 uNtDllChildAddr=0000000077110000
1553d0.15ec: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007713a430
1563d0.15ec: supR3HardenedWinSetupChildInit: Start child.
1573d0.15ec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1583d0.15ec: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
1593d0.15ec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1603d0.15ec: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1613d0.15ec: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1623d0.15ec: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
1633d0.15ec: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
1643d0.15ec: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
1653d0.15ec: 0000000000041000-ffffffffffef1fff 0x0001/0x0000 0x0000000
1663d0.15ec: *0000000000190000-0000000000093fff 0x0000/0x0004 0x0020000
1673d0.15ec: 000000000028c000-0000000000288fff 0x0104/0x0004 0x0020000
1683d0.15ec: 000000000028f000-000000000028dfff 0x0004/0x0004 0x0020000
1693d0.15ec: 0000000000290000-ffffffff8940ffff 0x0001/0x0000 0x0000000
1703d0.15ec: *0000000077110000-0000000077110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1713d0.15ec: 0000000077111000-000000007720cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1723d0.15ec: 000000007720d000-000000007723bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1733d0.15ec: 000000007723c000-0000000077245fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1743d0.15ec: 0000000077246000-0000000077246fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1753d0.15ec: 0000000077247000-0000000077249fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1763d0.15ec: 000000007724a000-00000000772b8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1773d0.15ec: 00000000772b9000-000000006f591fff 0x0001/0x0000 0x0000000
1783d0.15ec: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1793d0.15ec: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1803d0.15ec: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1813d0.15ec: 000000007fff0000-ffffffffc04cffff 0x0001/0x0000 0x0000000
1823d0.15ec: *000000013fb10000-000000013fb10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1833d0.15ec: 000000013fb11000-000000013fb97fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1843d0.15ec: 000000013fb98000-000000013fb98fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1853d0.15ec: 000000013fb99000-000000013fbe3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1863d0.15ec: 000000013fbe4000-000000013fbe4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1873d0.15ec: 000000013fbe5000-000000013fbe5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1883d0.15ec: 000000013fbe6000-000000013fbeafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1893d0.15ec: 000000013fbeb000-000000013fbebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1903d0.15ec: 000000013fbec000-000000013fbecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1913d0.15ec: 000000013fbed000-000000013fbf0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1923d0.15ec: 000000013fbf1000-000000013fc3bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1933d0.15ec: 000000013fc3c000-fffff80380447fff 0x0001/0x0000 0x0000000
1943d0.15ec: *000007feff430000-000007feff430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1953d0.15ec: 000007feff431000-000007fdfe8b1fff 0x0001/0x0000 0x0000000
1963d0.15ec: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1973d0.15ec: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
1983d0.15ec: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
1993d0.15ec: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
2003d0.15ec: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
2013d0.15ec: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2023d0.15ec: apisetschema.dll: timestamp 0x562592bb (rc=VINF_SUCCESS)
2033d0.15ec: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
2043d0.15ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2053d0.15ec: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2063d0.15ec: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2073d0.15ec: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0).
2081598.171c: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
2091598.171c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077110000
2103d0.15ec: supR3HardNtEnableThreadCreation:
2111598.171c: ntdll.dll: timestamp 0x562593df (rc=VINF_SUCCESS)
2121598.171c: New simple heap: #1 0000000000290000 LB 0x400000 (for 1740800 allocation)
2131598.171c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2141598.171c: System32: \Device\HarddiskVolume2\Windows\System32
2151598.171c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2161598.171c: KnownDllPath: C:\windows\system32
2171598.171c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2181598.171c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2191598.171c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2201598.171c: Registered Dll notification callback with NTDLL.
2211598.171c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2221598.171c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2231598.171c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2241598.171c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2251598.171c: supR3HardenedDllNotificationCallback: load 0000000076c90000 LB 0x00120000 C:\windows\system32\kernel32.dll [fFlags=0x0]
2261598.171c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2271598.171c: supR3HardenedDllNotificationCallback: load 000007fefd7d0000 LB 0x0006b000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
2281598.171c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2291598.171c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2301598.171c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c90000 'C:\windows\system32\kernel32.dll'
2311598.171c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007713a430 pvNtTerminateThread=000000007715c360
2323d0.15ec: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
2331598.171c: \SystemRoot\System32\ntdll.dll:
2341598.171c: CreationTime: 2015-11-16T07:09:01.322997300Z
2351598.171c: LastWriteTime: 2015-10-20T01:14:50.063502400Z
2361598.171c: ChangeTime: 2015-11-19T07:55:16.822423400Z
2371598.171c: FileAttributes: 0x20
2381598.171c: Size: 0x1a65c0
2391598.171c: NT Headers: 0xe0
2401598.171c: Timestamp: 0x562593df
2411598.171c: Machine: 0x8664 - amd64
2421598.171c: Timestamp: 0x562593df
2431598.171c: Image Version: 6.1
2441598.171c: SizeOfImage: 0x1a9000 (1740800)
2451598.171c: Resource Dir: 0x14d000 LB 0x5a028
2461598.171c: ProductName: Microsoft® Windows® Operating System
2471598.171c: ProductVersion: 6.1.7601.23250
2481598.171c: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
2491598.171c: FileDescription: NT Layer DLL
2501598.171c: \SystemRoot\System32\kernel32.dll:
2511598.171c: CreationTime: 2015-11-16T07:09:01.244997300Z
2521598.171c: LastWriteTime: 2015-10-20T01:11:29.482000000Z
2531598.171c: ChangeTime: 2015-11-19T07:55:16.978423700Z
2541598.171c: FileAttributes: 0x20
2551598.171c: Size: 0x11cc00
2561598.171c: NT Headers: 0xe0
2571598.171c: Timestamp: 0x562593c6
2581598.171c: Machine: 0x8664 - amd64
2591598.171c: Timestamp: 0x562593c6
2601598.171c: Image Version: 6.1
2611598.171c: SizeOfImage: 0x120000 (1179648)
2621598.171c: Resource Dir: 0x117000 LB 0x528
2631598.171c: ProductName: Microsoft® Windows® Operating System
2641598.171c: ProductVersion: 6.1.7601.23250
2651598.171c: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
2661598.171c: FileDescription: Windows NT BASE API Client DLL
2671598.171c: \SystemRoot\System32\KernelBase.dll:
2681598.171c: CreationTime: 2015-11-16T07:09:02.446197300Z
2691598.171c: LastWriteTime: 2015-10-20T01:11:29.482000000Z
2701598.171c: ChangeTime: 2015-11-19T07:55:16.978423700Z
2711598.171c: FileAttributes: 0x20
2721598.171c: Size: 0x66e00
2731598.171c: NT Headers: 0xe8
2741598.171c: Timestamp: 0x562593c7
2751598.171c: Machine: 0x8664 - amd64
2761598.171c: Timestamp: 0x562593c7
2771598.171c: Image Version: 6.1
2781598.171c: SizeOfImage: 0x6b000 (438272)
2791598.171c: Resource Dir: 0x69000 LB 0x530
2801598.171c: ProductName: Microsoft® Windows® Operating System
2811598.171c: ProductVersion: 6.1.7601.23250
2821598.171c: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
2831598.171c: FileDescription: Windows NT BASE API Client DLL
2841598.171c: \SystemRoot\System32\apisetschema.dll:
2851598.171c: CreationTime: 2015-11-16T07:09:03.272997300Z
2861598.171c: LastWriteTime: 2015-10-20T01:01:42.446000000Z
2871598.171c: ChangeTime: 2015-11-19T07:55:16.822423400Z
2881598.171c: FileAttributes: 0x20
2891598.171c: Size: 0x1a00
2901598.171c: NT Headers: 0xc0
2911598.171c: Timestamp: 0x562592bb
2921598.171c: Machine: 0x8664 - amd64
2931598.171c: Timestamp: 0x562592bb
2941598.171c: Image Version: 6.1
2951598.171c: SizeOfImage: 0x50000 (327680)
2961598.171c: Resource Dir: 0x30000 LB 0x3f8
2971598.171c: ProductName: Microsoft® Windows® Operating System
2981598.171c: ProductVersion: 6.1.7601.23250
2991598.171c: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
3001598.171c: FileDescription: ApiSet Schema DLL
3011598.171c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3021598.171c: supR3HardenedWinFindAdversaries: 0x20
3031598.171c: \SystemRoot\System32\drivers\mfeapfk.sys:
3041598.171c: CreationTime: 2011-04-06T06:41:16.812500000Z
3051598.171c: LastWriteTime: 2012-09-25T06:17:48.000000000Z
3061598.171c: ChangeTime: 2014-06-23T16:17:01.673872200Z
3071598.171c: FileAttributes: 0x20
3081598.171c: Size: 0x294e8
3091598.171c: NT Headers: 0xe8
3101598.171c: Timestamp: 0x505b41aa
3111598.171c: Machine: 0x8664 - amd64
3121598.171c: Timestamp: 0x505b41aa
3131598.171c: Image Version: 0.0
3141598.171c: SizeOfImage: 0x27580 (161152)
3151598.171c: Resource Dir: 0x26e00 LB 0x340
3161598.171c: ProductName: SYSCORE
3171598.171c: FileVersion: SYSCORE.15.0.0.537
3181598.171c: PrivateBuild: SYSCORE.15.0.0.537 F16
3191598.171c: FileDescription: Access Protection Filter Driver
3201598.171c: \SystemRoot\System32\drivers\mfeavfk.sys:
3211598.171c: CreationTime: 2011-04-06T06:41:16.734375000Z
3221598.171c: LastWriteTime: 2012-09-25T06:17:58.000000000Z
3231598.171c: ChangeTime: 2014-06-23T16:17:01.689472200Z
3241598.171c: FileAttributes: 0x20
3251598.171c: Size: 0x45070
3261598.171c: NT Headers: 0xe8
3271598.171c: Timestamp: 0x505b41c6
3281598.171c: Machine: 0x8664 - amd64
3291598.171c: Timestamp: 0x505b41c6
3301598.171c: Image Version: 0.0
3311598.171c: SizeOfImage: 0x42e80 (274048)
3321598.171c: Resource Dir: 0x42480 LB 0x358
3331598.171c: ProductName: SYSCORE
3341598.171c: FileVersion: SYSCORE.15.0.0.537
3351598.171c: PrivateBuild: SYSCORE.15.0.0.537 F15,F16,F19
3361598.171c: FileDescription: Anti-Virus File System Filter Driver
3371598.171c: \SystemRoot\System32\drivers\mfehidk.sys:
3381598.171c: CreationTime: 2011-04-06T06:41:16.250000000Z
3391598.171c: LastWriteTime: 2012-09-25T06:18:46.000000000Z
3401598.171c: ChangeTime: 2014-06-23T16:17:01.720672300Z
3411598.171c: FileAttributes: 0x20
3421598.171c: Size: 0xa4758
3431598.171c: NT Headers: 0xe8
3441598.171c: Timestamp: 0x505b417b
3451598.171c: Machine: 0x8664 - amd64
3461598.171c: Timestamp: 0x505b417b
3471598.171c: Image Version: 0.0
3481598.171c: SizeOfImage: 0xa1c80 (662656)
3491598.171c: Resource Dir: 0x9fa00 LB 0x348
3501598.171c: ProductName: SYSCORE
3511598.171c: FileVersion: SYSCORE.15.0.0.537
3521598.171c: PrivateBuild: SYSCORE.15.0.0.537 F14,F15,F16,F18,F20
3531598.171c: FileDescription: McAfee Link Driver
3541598.171c: \SystemRoot\System32\drivers\mfewfpk.sys:
3551598.171c: CreationTime: 2011-04-06T06:41:01.796875000Z
3561598.171c: LastWriteTime: 2012-09-25T06:19:50.000000000Z
3571598.171c: ChangeTime: 2014-06-23T16:17:01.736272300Z
3581598.171c: FileAttributes: 0x20
3591598.171c: Size: 0x4a880
3601598.171c: NT Headers: 0xf8
3611598.171c: Timestamp: 0x505b418a
3621598.171c: Machine: 0x8664 - amd64
3631598.171c: Timestamp: 0x505b418a
3641598.171c: Image Version: 0.0
3651598.171c: SizeOfImage: 0x48600 (296448)
3661598.171c: Resource Dir: 0x47c80 LB 0x348
3671598.171c: ProductName: SYSCORE
3681598.171c: FileVersion: SYSCORE.15.0.0.537
3691598.171c: PrivateBuild: SYSCORE.15.0.0.537 F17,F18
3701598.171c: FileDescription: Anti-Virus Mini-Firewall Driver
3711598.171c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3721598.171c: Calling main()
3731598.171c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3741598.171c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3751598.171c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3761598.171c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3771598.171c: SUPR3HardenedMain: Respawn #2
3781598.171c: supR3HardNtEnableThreadCreation:
3791598.171c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
3801598.171c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3811598.171c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3821598.171c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3831598.171c: supR3HardenedDllNotificationCallback: load 000007fefd320000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
3841598.171c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3851598.171c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\windows\system32\apphelp.dll'
3861598.171c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007713a430 pvNtTerminateThread=000000007715c360
3871598.171c: supR3HardenedWinDoReSpawn(2): New child 169c.99c [kernel32].
3881598.171c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
3891598.171c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077110000 uNtDllChildAddr=0000000077110000
3901598.171c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007713a430
3911598.171c: supR3HardenedWinSetupChildInit: Start child.
3921598.171c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3931598.171c: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
3941598.171c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3951598.171c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3961598.171c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3971598.171c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3981598.171c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3991598.171c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
4001598.171c: 0000000000041000-ffffffffffe91fff 0x0001/0x0000 0x0000000
4011598.171c: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
4021598.171c: 00000000002ec000-00000000002e8fff 0x0104/0x0004 0x0020000
4031598.171c: 00000000002ef000-00000000002edfff 0x0004/0x0004 0x0020000
4041598.171c: 00000000002f0000-ffffffff894cffff 0x0001/0x0000 0x0000000
4051598.171c: *0000000077110000-0000000077110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4061598.171c: 0000000077111000-000000007720cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4071598.171c: 000000007720d000-000000007723bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4081598.171c: 000000007723c000-0000000077245fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4091598.171c: 0000000077246000-0000000077246fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4101598.171c: 0000000077247000-0000000077249fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4111598.171c: 000000007724a000-00000000772b8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4121598.171c: 00000000772b9000-000000006f591fff 0x0001/0x0000 0x0000000
4131598.171c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4141598.171c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4151598.171c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4161598.171c: 000000007fff0000-ffffffffc04cffff 0x0001/0x0000 0x0000000
4171598.171c: *000000013fb10000-000000013fb10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4181598.171c: 000000013fb11000-000000013fb97fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4191598.171c: 000000013fb98000-000000013fb98fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4201598.171c: 000000013fb99000-000000013fbe3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4211598.171c: 000000013fbe4000-000000013fbe4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4221598.171c: 000000013fbe5000-000000013fbe5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4231598.171c: 000000013fbe6000-000000013fbeafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4241598.171c: 000000013fbeb000-000000013fbebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4251598.171c: 000000013fbec000-000000013fbecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4261598.171c: 000000013fbed000-000000013fbf0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4271598.171c: 000000013fbf1000-000000013fc3bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4281598.171c: 000000013fc3c000-fffff80380447fff 0x0001/0x0000 0x0000000
4291598.171c: *000007feff430000-000007feff430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
4301598.171c: 000007feff431000-000007fdfe8b1fff 0x0001/0x0000 0x0000000
4311598.171c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
4321598.171c: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
4331598.171c: *000007fffffdd000-000007fffffdbfff 0x0004/0x0004 0x0020000
4341598.171c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
4351598.171c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
4361598.171c: apisetschema.dll: timestamp 0x562592bb (rc=VINF_SUCCESS)
4371598.171c: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
4381598.171c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4391598.171c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
4401598.171c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4411598.171c: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0).
4421598.171c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
443169c.99c: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
444169c.99c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077110000
4451598.171c: supR3HardNtEnableThreadCreation:
446169c.99c: ntdll.dll: timestamp 0x562593df (rc=VINF_SUCCESS)
447169c.99c: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1740800 allocation)
448169c.99c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
449169c.99c: System32: \Device\HarddiskVolume2\Windows\System32
450169c.99c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
451169c.99c: KnownDllPath: C:\windows\system32
452169c.99c: supR3HardenedVmProcessInit: Opening vboxdrv...
453169c.99c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
454169c.99c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
455169c.99c: Registered Dll notification callback with NTDLL.
456169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
457169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
458169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
459169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
460169c.99c: supR3HardenedDllNotificationCallback: load 0000000076c90000 LB 0x00120000 C:\windows\system32\kernel32.dll [fFlags=0x0]
461169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
462169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd7d0000 LB 0x0006b000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
463169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
464169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
465169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c90000 'C:\windows\system32\kernel32.dll'
466169c.99c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007713a430 pvNtTerminateThread=000000007715c360
4671598.171c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
468169c.99c: \SystemRoot\System32\ntdll.dll:
469169c.99c: CreationTime: 2015-11-16T07:09:01.322997300Z
470169c.99c: LastWriteTime: 2015-10-20T01:14:50.063502400Z
471169c.99c: ChangeTime: 2015-11-19T07:55:16.822423400Z
472169c.99c: FileAttributes: 0x20
473169c.99c: Size: 0x1a65c0
474169c.99c: NT Headers: 0xe0
475169c.99c: Timestamp: 0x562593df
476169c.99c: Machine: 0x8664 - amd64
477169c.99c: Timestamp: 0x562593df
478169c.99c: Image Version: 6.1
479169c.99c: SizeOfImage: 0x1a9000 (1740800)
480169c.99c: Resource Dir: 0x14d000 LB 0x5a028
481169c.99c: ProductName: Microsoft® Windows® Operating System
482169c.99c: ProductVersion: 6.1.7601.23250
483169c.99c: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
484169c.99c: FileDescription: NT Layer DLL
485169c.99c: \SystemRoot\System32\kernel32.dll:
486169c.99c: CreationTime: 2015-11-16T07:09:01.244997300Z
487169c.99c: LastWriteTime: 2015-10-20T01:11:29.482000000Z
488169c.99c: ChangeTime: 2015-11-19T07:55:16.978423700Z
489169c.99c: FileAttributes: 0x20
490169c.99c: Size: 0x11cc00
491169c.99c: NT Headers: 0xe0
492169c.99c: Timestamp: 0x562593c6
493169c.99c: Machine: 0x8664 - amd64
494169c.99c: Timestamp: 0x562593c6
495169c.99c: Image Version: 6.1
496169c.99c: SizeOfImage: 0x120000 (1179648)
497169c.99c: Resource Dir: 0x117000 LB 0x528
498169c.99c: ProductName: Microsoft® Windows® Operating System
499169c.99c: ProductVersion: 6.1.7601.23250
500169c.99c: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
501169c.99c: FileDescription: Windows NT BASE API Client DLL
502169c.99c: \SystemRoot\System32\KernelBase.dll:
503169c.99c: CreationTime: 2015-11-16T07:09:02.446197300Z
504169c.99c: LastWriteTime: 2015-10-20T01:11:29.482000000Z
505169c.99c: ChangeTime: 2015-11-19T07:55:16.978423700Z
506169c.99c: FileAttributes: 0x20
507169c.99c: Size: 0x66e00
508169c.99c: NT Headers: 0xe8
509169c.99c: Timestamp: 0x562593c7
510169c.99c: Machine: 0x8664 - amd64
511169c.99c: Timestamp: 0x562593c7
512169c.99c: Image Version: 6.1
513169c.99c: SizeOfImage: 0x6b000 (438272)
514169c.99c: Resource Dir: 0x69000 LB 0x530
515169c.99c: ProductName: Microsoft® Windows® Operating System
516169c.99c: ProductVersion: 6.1.7601.23250
517169c.99c: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
518169c.99c: FileDescription: Windows NT BASE API Client DLL
519169c.99c: \SystemRoot\System32\apisetschema.dll:
520169c.99c: CreationTime: 2015-11-16T07:09:03.272997300Z
521169c.99c: LastWriteTime: 2015-10-20T01:01:42.446000000Z
522169c.99c: ChangeTime: 2015-11-19T07:55:16.822423400Z
523169c.99c: FileAttributes: 0x20
524169c.99c: Size: 0x1a00
525169c.99c: NT Headers: 0xc0
526169c.99c: Timestamp: 0x562592bb
527169c.99c: Machine: 0x8664 - amd64
528169c.99c: Timestamp: 0x562592bb
529169c.99c: Image Version: 6.1
530169c.99c: SizeOfImage: 0x50000 (327680)
531169c.99c: Resource Dir: 0x30000 LB 0x3f8
532169c.99c: ProductName: Microsoft® Windows® Operating System
533169c.99c: ProductVersion: 6.1.7601.23250
534169c.99c: FileVersion: 6.1.7601.23250 (win7sp1_ldr.151019-1255)
535169c.99c: FileDescription: ApiSet Schema DLL
536169c.99c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
537169c.99c: supR3HardenedWinFindAdversaries: 0x20
538169c.99c: \SystemRoot\System32\drivers\mfeapfk.sys:
539169c.99c: CreationTime: 2011-04-06T06:41:16.812500000Z
540169c.99c: LastWriteTime: 2012-09-25T06:17:48.000000000Z
541169c.99c: ChangeTime: 2014-06-23T16:17:01.673872200Z
542169c.99c: FileAttributes: 0x20
543169c.99c: Size: 0x294e8
544169c.99c: NT Headers: 0xe8
545169c.99c: Timestamp: 0x505b41aa
546169c.99c: Machine: 0x8664 - amd64
547169c.99c: Timestamp: 0x505b41aa
548169c.99c: Image Version: 0.0
549169c.99c: SizeOfImage: 0x27580 (161152)
550169c.99c: Resource Dir: 0x26e00 LB 0x340
551169c.99c: ProductName: SYSCORE
552169c.99c: FileVersion: SYSCORE.15.0.0.537
553169c.99c: PrivateBuild: SYSCORE.15.0.0.537 F16
554169c.99c: FileDescription: Access Protection Filter Driver
555169c.99c: \SystemRoot\System32\drivers\mfeavfk.sys:
556169c.99c: CreationTime: 2011-04-06T06:41:16.734375000Z
557169c.99c: LastWriteTime: 2012-09-25T06:17:58.000000000Z
558169c.99c: ChangeTime: 2014-06-23T16:17:01.689472200Z
559169c.99c: FileAttributes: 0x20
560169c.99c: Size: 0x45070
561169c.99c: NT Headers: 0xe8
562169c.99c: Timestamp: 0x505b41c6
563169c.99c: Machine: 0x8664 - amd64
564169c.99c: Timestamp: 0x505b41c6
565169c.99c: Image Version: 0.0
566169c.99c: SizeOfImage: 0x42e80 (274048)
567169c.99c: Resource Dir: 0x42480 LB 0x358
568169c.99c: ProductName: SYSCORE
569169c.99c: FileVersion: SYSCORE.15.0.0.537
570169c.99c: PrivateBuild: SYSCORE.15.0.0.537 F15,F16,F19
571169c.99c: FileDescription: Anti-Virus File System Filter Driver
572169c.99c: \SystemRoot\System32\drivers\mfehidk.sys:
573169c.99c: CreationTime: 2011-04-06T06:41:16.250000000Z
574169c.99c: LastWriteTime: 2012-09-25T06:18:46.000000000Z
575169c.99c: ChangeTime: 2014-06-23T16:17:01.720672300Z
576169c.99c: FileAttributes: 0x20
577169c.99c: Size: 0xa4758
578169c.99c: NT Headers: 0xe8
579169c.99c: Timestamp: 0x505b417b
580169c.99c: Machine: 0x8664 - amd64
581169c.99c: Timestamp: 0x505b417b
582169c.99c: Image Version: 0.0
583169c.99c: SizeOfImage: 0xa1c80 (662656)
584169c.99c: Resource Dir: 0x9fa00 LB 0x348
585169c.99c: ProductName: SYSCORE
586169c.99c: FileVersion: SYSCORE.15.0.0.537
587169c.99c: PrivateBuild: SYSCORE.15.0.0.537 F14,F15,F16,F18,F20
588169c.99c: FileDescription: McAfee Link Driver
589169c.99c: \SystemRoot\System32\drivers\mfewfpk.sys:
590169c.99c: CreationTime: 2011-04-06T06:41:01.796875000Z
591169c.99c: LastWriteTime: 2012-09-25T06:19:50.000000000Z
592169c.99c: ChangeTime: 2014-06-23T16:17:01.736272300Z
593169c.99c: FileAttributes: 0x20
594169c.99c: Size: 0x4a880
595169c.99c: NT Headers: 0xf8
596169c.99c: Timestamp: 0x505b418a
597169c.99c: Machine: 0x8664 - amd64
598169c.99c: Timestamp: 0x505b418a
599169c.99c: Image Version: 0.0
600169c.99c: SizeOfImage: 0x48600 (296448)
601169c.99c: Resource Dir: 0x47c80 LB 0x348
602169c.99c: ProductName: SYSCORE
603169c.99c: FileVersion: SYSCORE.15.0.0.537
604169c.99c: PrivateBuild: SYSCORE.15.0.0.537 F17,F18
605169c.99c: FileDescription: Anti-Virus Mini-Firewall Driver
606169c.99c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
607169c.99c: Calling main()
608169c.99c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
609169c.99c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
610169c.99c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
611169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
612169c.99c: SUPR3HardenedMain: Final process, opening VBoxDrv...
613169c.99c: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
614169c.99c: supR3HardNtEnableThreadCreation:
615169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
616169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
617169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007242c0:C:\windows\system32 [calling]
618169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
619169c.99c: supR3HardenedDllNotificationCallback: load 000007fef8f10000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
620169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
621169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
622169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
623169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
624169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
625169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
626169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
627169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
628169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
629169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
630169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
631169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
632169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
633169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
634169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
635169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
636169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
637169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
638169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
639169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
640169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
641169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
642169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
643169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
644169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
645169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
646169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
647169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
648169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
649169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
650169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
651169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
652169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
653169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
654169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
655169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
656169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
657169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
658169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007242c0:C:\windows\system32 [calling]
659169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
660169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd620000 LB 0x0003b000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
661169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
662169c.99c: supR3HardenedDllNotificationCallback: load 000007fefe730000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
663169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
664169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd660000 LB 0x0016d000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
665169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
666169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd610000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
667169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
668169c.99c: supR3HardenedDllNotificationCallback: load 000007feff260000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
669169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
670169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd620000 'C:\windows\system32\Wintrust.dll'
671169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
672169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
673169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007695a0:C:\windows\system32 [calling]
674169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
675169c.99c: supR3HardenedDllNotificationCallback: load 000007fefce70000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
676169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
677169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\windows\system32\bcrypt.dll'
678169c.99c: bcrypt.dll loaded at 000007fefce70000, BCryptOpenAlgorithmProvider at 000007fefce72640, preloading providers:
679169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
680169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
681169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
682169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
683169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
684169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
685169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
686169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
687169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
688169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
689169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
690169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
691169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
692169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
693169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
694169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
695169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
696169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
697169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
698169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
699169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
700169c.99c: supR3HardenedDllNotificationCallback: load 000007fefc8f0000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
701169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
702169c.99c: supR3HardenedDllNotificationCallback: load 000007fefe920000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
703169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
704169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
705169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
706169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
707169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
708169c.99c: supR3HardenedDllNotificationCallback: load 000007feff400000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
709169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
710169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8f0000 'C:\windows\system32\bcryptprimitives.dll'
711169c.99c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000076ad40)
712169c.99c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000076dc00)
713169c.99c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000076dd20)
714169c.99c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000076df30)
715169c.99c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000076e050)
716169c.99c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000076e170)
717169c.99c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000076e3b0)
718169c.99c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000076e4d0)
719169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
720169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
721169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
722169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
723169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
724169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
725169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
726169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
727169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
728169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
729169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd400000 LB 0x00018000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0]
730169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
731169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\CRYPTSP.dll'
732169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
733169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
734169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
735169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
736169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
737169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
738169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
739169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
740169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd3b0000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
741169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
742169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'C:\windows\system32\rsaenh.dll'
743169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
744169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
745169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe920000 'C:\windows\system32\ADVAPI32.dll'
746169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
747169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
748169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
749169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
750169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd3a0000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0]
751169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
752169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3a0000 'C:\windows\system32\CRYPTBASE.dll'
753169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
754169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
755169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c90000 'C:\windows\system32\kernel32.dll'
756169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
757169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
758169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd620000 'C:\windows\system32\WINTRUST.DLL'
759169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
760169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
761169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\windows\system32\CRYPT32.dll'
762169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
763169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
764169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
765169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
766169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
767169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
768169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
769169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
770169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
771169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
772169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
773169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
774169c.99c: supR3HardenedDllNotificationCallback: load 000007fefe7e0000 LB 0x00019000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
775169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
776169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7e0000 'C:\windows\system32\imagehlp.dll'
777169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
778169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
779169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\CRYPTSP.dll'
780169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
781169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
782169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
783169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
784169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
785169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
786169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
787169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
788169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
789169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
790169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
791169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
792169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
793169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
794169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
795169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
796169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
797169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
798169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
799169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
800169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
801169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
802169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
803169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
804169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
805169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
806169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
807169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
808169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
809169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
810169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
811169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
812169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
813169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
814169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
815169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
816169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
817169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
818169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
819169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
820169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
821169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
822169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
823169c.99c: supR3HardenedDllNotificationCallback: load 0000000076a40000 LB 0x000fa000 C:\windows\system32\USER32.dll [fFlags=0x0]
824169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
825169c.99c: supR3HardenedDllNotificationCallback: load 000007feff390000 LB 0x00067000 C:\windows\system32\GDI32.dll [fFlags=0x0]
826169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
827169c.99c: supR3HardenedDllNotificationCallback: load 000007fefe7d0000 LB 0x0000e000 C:\windows\system32\LPK.dll [fFlags=0x0]
828169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
829169c.99c: supR3HardenedDllNotificationCallback: load 000007fefeb70000 LB 0x000c9000 C:\windows\system32\USP10.dll [fFlags=0x0]
830169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
831169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
832169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
833169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff390000 'C:\windows\system32\gdi32.dll'
834169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
835169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
836169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
837169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
838169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
839169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
840169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
841169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
842169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
843169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
844169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
845169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
846169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
847169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
848169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
849169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
850169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
851169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
852169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
853169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
854169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
855169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
856169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
857169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
858169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
859169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
860169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
861169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
862169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
863169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
864169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
865169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
866169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
867169c.99c: supR3HardenedDllNotificationCallback: load 000007feff1e0000 LB 0x0002e000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
868169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
869169c.99c: supR3HardenedDllNotificationCallback: load 000007feff030000 LB 0x00109000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
870169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
871169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1e0000 'C:\windows\system32\IMM32.DLL'
872169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076a40000 'C:\windows\system32\USER32.dll'
873169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
874169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
875169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
876169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
877169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
878169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
879169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
880169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
881169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
882169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
883169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
884169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
885169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
886169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
887169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
888169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
889169c.99c: supR3HardenedDllNotificationCallback: load 000007fefcea0000 LB 0x00050000 C:\windows\system32\ncrypt.dll [fFlags=0x0]
890169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
891169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcea0000 'C:\windows\system32\ncrypt.dll'
892169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
893169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
894169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\windows\system32\bcrypt.dll'
895169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
896169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
897169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
898169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
899169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
900169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
901169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
902169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
903169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
904169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
905169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
906169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
907169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
908169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
909169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
910169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
911169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
912169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
913169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
914169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
915169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
916169c.99c: supR3HardenedDllNotificationCallback: load 000007fefc730000 LB 0x0001e000 C:\windows\system32\USERENV.dll [fFlags=0x0]
917169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
918169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
919169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd570000 LB 0x0000f000 C:\windows\system32\profapi.dll [fFlags=0x0]
920169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
921169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc730000 'C:\windows\system32\USERENV.dll'
922169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
923169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
924169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
925169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
926169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
927169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
928169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
929169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
930169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
931169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
932169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
933169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
934169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
935169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
936169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
937169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
938169c.99c: supR3HardenedDllNotificationCallback: load 000007fefc710000 LB 0x0001b000 C:\windows\system32\GPAPI.dll [fFlags=0x0]
939169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
940169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc710000 'C:\windows\system32\GPAPI.dll'
941169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
942169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-WIN-Service-Management-L1-1-0.dll'
943169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
944169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
945169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff260000 'C:\windows\system32\rpcrt4.dll'
946169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
947169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-WIN-Service-Management-L2-1-0.dll'
948169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
949169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
950169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
951169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
952169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
953169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
954169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
955169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
956169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
957169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
958169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
959169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
960169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
961169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
962169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
963169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
964169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
965169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
966169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
967169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
968169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
969169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
970169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
971169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
972169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
973169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
974169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
975169c.99c: supR3HardenedDllNotificationCallback: load 000007fef0870000 LB 0x00027000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
976169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
977169c.99c: supR3HardenedDllNotificationCallback: load 000007fefe6d0000 LB 0x00052000 C:\windows\system32\WLDAP32.dll [fFlags=0x0]
978169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
979169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
980169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
981169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
982169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
983169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
984169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
985169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
986169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
987169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
988169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
989169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
990169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
991169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
992169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
993169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
994169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
995169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
996169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
997169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
998169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
999169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1000169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
1001169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1002169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
1003169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1004169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
1005169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1006169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
1007169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
1008169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1009169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0870000 'C:\windows\system32\cryptnet.dll'
1010169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1011169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1012169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1013169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1014169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\windows\system32\profapi.dll'
1015169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1016169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1017169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1018169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1019169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1020169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1021169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1022169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1023169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1024169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1025169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1026169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1027169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1028169c.99c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1029169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1030169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1031169c.99c: supR3HardenedDllNotificationCallback: load 000007fefeaf0000 LB 0x00071000 C:\windows\system32\SHLWAPI.dll [fFlags=0x0]
1032169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1033169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeaf0000 'C:\windows\system32\SHLWAPI.dll'
1034169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1035169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000076edf0
1036169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1037169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=877B58CB38139A8B364E7E067620475C50742DC0
1038169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1039169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1040169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1041169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1042169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1043169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1044169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1045169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1046169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe920000 'C:\windows\system32\ADVAPI32.dll'
1047169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1048169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1049169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1050169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1051169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
1052169c.99c: g_pfnWinVerifyTrust=000007fefd621010
1053169c.99c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1054169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1055169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1056169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1057169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B757256DD06374F77FF8DC61E1FEC0E93F3DF2F3
1058169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_192_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1059169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1060169c.99c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1061169c.99c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1062169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1063169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1064169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1065169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9D66460DAFA96F2CF96829A002753DECB7ED7CF
1066169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1067169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1068169c.99c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1069169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1070169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1071169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1072169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1073169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1074169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1075169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1076169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1077169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1078169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1079169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1080169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1081169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1082169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1083169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1084169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1085169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1086169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2545617940C2A353D1E2B307B3C55DF27B1EEBE9
1087169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1088169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1089169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1090169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1091169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1092169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1093169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1094169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1095169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1096169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1097169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1098169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1099169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1100169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1101169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1102169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1103169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1104169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1105169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1106169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1107169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1108169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1109169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1110169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1111169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1112169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1113169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1114169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAA8B67643FCF8BD1E9971FF88478C3EA5456129
1115169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1116169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1117169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1118169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1119169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1120169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1121169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1122169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1123169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1124169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1125169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1126169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1127169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1128169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1129169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1130169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1131169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1132169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1133169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1134169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1135169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1136169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1137169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1138169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1139169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1140169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1141169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1142169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
1143169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1144169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1145169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1146169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1147169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1148169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1149169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB178841F5FFC6B05E668168217B0AC222A62955
1150169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1151169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1152169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1153169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1154169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1155169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1156169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1157169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1158169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1159169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1160169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1161169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1162169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1163169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1164169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1165169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1166169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1167169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1168169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1169169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1170169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9665B3F49F86E378319B63FAF912A1E78614D81E
1171169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1172169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1173169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1174169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1175169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1176169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1177169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1178169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1179169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1180169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1181169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1182169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1183169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1184169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1185169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1186169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1187169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1188169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1189169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1190169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1191169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1192169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
1193169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1194169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1195169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1196169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1197169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1198169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1199169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1200169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1201169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1202169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1203169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1204169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1205169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1206169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1207169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1208169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1209169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1210169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1211169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1212169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1213169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1214169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1215169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1216169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1217169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1218169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1219169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1220169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1221169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=93DEF15E41A1E12DA19C3E4743CBFCF5FD952FBB
1222169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1223169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1224169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1225169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1226169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1227169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1228169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1229169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4FD276F8B310395DEC4DAF15E2B4B9B98C17222A
1230169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1231169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1232169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1233169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1234169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1235169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1236169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E18C6C2EEFECF39C96AF722EEF48C5E715A9C71D
1237169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1238169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1239169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1240169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1241169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028ba910:C:\windows\system32 [calling]
1242169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\windows\system32\crypt32.dll'
1243169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1244169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1245169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1246169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1247169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1248169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1249169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1250169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1251169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xbd6a569c144cd700 O=Etat du Valais, OU=SCI-SAP, CN=Secure Login Root 2012
1252169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x45844e28570fb100 DC=ch, DC=vs, DC=infra, CN=Etat du Valais INFRA Root CA 1
1253169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1254169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1255169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1256169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1257169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1258169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1259169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1260169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1261169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1262169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1263169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1264169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1265169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1266169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1267169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1268169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1269169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1270169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1271169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1272169c.99c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1273169c.99c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=30
1274169c.99c: SUPR3HardenedMain: Load Runtime...
1275169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1276169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1277169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1278169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1279169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1280169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1281169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1282169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1283169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1284169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1285169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1286169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000410 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1287169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1288169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1289169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1290169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1291169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1292169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1293169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1294169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1295169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1296169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1297169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1298169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1299169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1300169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1301169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1302169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1303169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1304169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1305169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1306169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1307169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1308169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1309169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1310169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1311169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1312169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1313169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1314169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1315169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1316169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1317169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1318169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1319169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1320169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1321169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1322169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1323169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1324169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1325169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1326169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1327169c.99c: supR3HardenedDllNotificationCallback: load 000007fedda00000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1328169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1329169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1330169c.99c: supR3HardenedDllNotificationCallback: load 000000006c210000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1331169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1332169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1333169c.99c: supR3HardenedDllNotificationCallback: load 000000006c170000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1334169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1335169c.99c: supR3HardenedDllNotificationCallback: load 000007feff210000 LB 0x0004d000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
1336169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1337169c.99c: supR3HardenedDllNotificationCallback: load 000007fefeae0000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
1338169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1339169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1340169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1341169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1342169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1343169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1344169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1345169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1346169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1347169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1348169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1349169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1350169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1351169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1352169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1353169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1354169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1355169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1356169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1357169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1358169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1359169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1360169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1361169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1362169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1363169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1364169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1365169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1366169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1367169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1368169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1369169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1370169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1371169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1372169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1373169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1374169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1375169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1376169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1377169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1378169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1379169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1380169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1381169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1382169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1383169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724920:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;c:\oracle\10.2.0\client\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\Java\jre7\bin;C:\Program Files (x86)\Common Files\ThinPrint\;c:\sci;c:\test; [calling]
1384169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1385169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1386169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1387169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1388169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1389169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002ef4070:C:\windows\system32 [calling]
1390169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd620000 'C:\windows\system32\Wintrust.dll'
1391169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1392169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002ef4070:C:\windows\system32 [calling]
1393169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\windows\system32\crypt32.dll'
1394169c.99c: SUPR3HardenedMain: Load TrustedMain...
1395169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1396169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1397169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1398169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1399169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1400169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1401169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
1402169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1403169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1404169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
1405169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
1406169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
1407169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
1408169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
1409169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1410169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1411169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1412169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1413169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1414169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1415169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1416169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1417169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1418169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1419169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1420169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1421169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1422169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1423169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1424169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1425169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1426169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1427169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1428169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1429169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1430169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1431169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1432169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1433169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1434169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1435169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1436169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1437169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1438169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1439169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1440169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1441169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1442169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1443169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1444169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1445169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59C9A3379D97CB80EFB9D9152AF4E0240DDF8B29
1446169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3006226~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1447169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1448169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1449169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1450169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1451169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1452169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1453169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1454169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1455169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1456169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1457169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1458169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1459169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1460169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
1461169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1462169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1463169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1464169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1465169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1466169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1467169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1468169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1469169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1470169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1471169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1472169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1473169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1474169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
1475169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1476169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1477169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1478169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1479169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1480169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1481169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1482169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1483169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1484169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1485169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1486169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1487169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1488169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1489169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1490169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1491169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1492169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1493169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1494169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1495169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1496169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1497169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1498169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1499169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1500169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1501169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1502169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1503169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1504169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1505169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1506169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1507169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1508169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1509169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1510169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1511169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1512169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1513169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1514169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1515169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1516169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1517169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1518169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1519169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1520169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1521169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1522169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1523169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1524169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1525169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1526169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1527169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1528169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1529169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1530169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1531169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1532169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1533169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1534169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1535169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1536169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1537169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1538169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1539169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1540169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1541169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1542169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1543169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1544169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1545169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1546169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1547169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1548169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1549169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1550169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1551169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1552169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1553169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1554169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1555169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1556169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1557169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1558169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1559169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1560169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1561169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1562169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1563169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1564169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1565169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1566169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1567169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1568169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1569169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1570169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1571169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1572169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1573169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1574169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1575169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1576169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1577169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1578169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1579169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1580169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1581169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1582169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1583169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1584169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1585169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1586169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1587169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1588169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1589169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1590169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1591169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1592169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1593169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1594169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1595169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1596169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1597169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1598169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1599169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1600169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1601169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1602169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1603169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1604169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1605169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1606169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1607169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1608169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1609169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1610169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1611169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1612169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1613169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1614169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1615169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1616169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1617169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1618169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1619169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1620169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1621169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1622169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1623169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1624169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1625169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1626169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1627169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1628169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1629169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1630169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1631169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1632169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1633169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1634169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1635169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1636169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1637169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1638169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1639169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1640169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1641169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1642169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1643169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1644169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1645169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1646169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1647169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1648169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1649169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1650169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1651169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1652169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1653169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1654169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1655169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1656169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1657169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1658169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1659169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1660169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1661169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1662169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1663169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1664169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1665169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1666169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1667169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1668169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1669169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1670169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1671169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1672169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1673169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1674169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1675169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1676169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1677169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1678169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1679169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1680169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1681169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1682169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1683169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1684169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1685169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1686169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1687169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1688169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1689169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1690169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1691169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1692169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1693169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1695169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1696169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1697169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1698169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1699169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1700169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1701169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1702169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1703169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1704169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1705169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1706169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1707169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1708169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1709169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1710169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1711169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1712169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1713169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1714169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1715169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1716169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1717169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1718169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1719169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1720169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1721169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1722169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1723169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1724169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1725169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1726169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1727169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1728169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1729169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1730169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1731169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1732169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1733169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1734169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1735169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1736169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1737169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1738169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1739169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1740169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1741169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1742169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1743169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1744169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1745169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1746169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1747169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1748169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1749169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1750169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1751169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1752169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1753169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1754169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1755169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1756169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1757169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1758169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1759169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1760169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1761169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1762169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1763169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1764169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1765169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1766169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1767169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1768169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1769169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1770169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1771169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1772169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1773169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1774169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1775169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1776169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1777169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1778169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1779169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1780169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1781169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1782169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1783169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1784169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
1785169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1786169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1787169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1788169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1789169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1790169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1791169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1792169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1793169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1794169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1795169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1796169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1797169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1798169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1799169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1800169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1801169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1802169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1803169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1804169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1805169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1806169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1807169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1808169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1809169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1810169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1811169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1812169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1813169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1814169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1815169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1816169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1817169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1818169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1819169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1820169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1821169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1822169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1823169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1824169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1825169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1826169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1827169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1828169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1829169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1830169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1831169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1832169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1833169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1834169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1835169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1836169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1837169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1838169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1839169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1840169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1841169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1842169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1843169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1844169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1845169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1846169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1847169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1848169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1849169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1850169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1851169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1852169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1853169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1854169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1855169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1856169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1857169c.99c: supR3HardenedDllNotificationCallback: load 000007fedcf40000 LB 0x00abb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1858169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1859169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1860169c.99c: supR3HardenedDllNotificationCallback: load 000007fedfca0000 LB 0x0011d000 C:\windows\system32\OPENGL32.dll [fFlags=0x0]
1861169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1862169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1863169c.99c: supR3HardenedDllNotificationCallback: load 000007fee7ca0000 LB 0x0002d000 C:\windows\system32\GLU32.dll [fFlags=0x0]
1864169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1865169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1866169c.99c: supR3HardenedDllNotificationCallback: load 000007fedfba0000 LB 0x000f1000 C:\windows\system32\DDRAW.dll [fFlags=0x0]
1867169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1868169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1869169c.99c: supR3HardenedDllNotificationCallback: load 000007fef8f00000 LB 0x00008000 C:\windows\system32\DCIMAN32.dll [fFlags=0x0]
1870169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1871169c.99c: supR3HardenedDllNotificationCallback: load 000007fefee50000 LB 0x001d7000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
1872169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1873169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x00036000 C:\windows\system32\CFGMGR32.dll [fFlags=0x0]
1874169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1875169c.99c: supR3HardenedDllNotificationCallback: load 000007fefea00000 LB 0x000d7000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
1876169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1877169c.99c: supR3HardenedDllNotificationCallback: load 000007fefec40000 LB 0x00203000 C:\windows\system32\ole32.dll [fFlags=0x0]
1878169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1879169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd920000 LB 0x0001a000 C:\windows\system32\DEVOBJ.dll [fFlags=0x0]
1880169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1881169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1882169c.99c: supR3HardenedDllNotificationCallback: load 000007fef8f20000 LB 0x00018000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
1883169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1884169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1885169c.99c: supR3HardenedDllNotificationCallback: load 000000006be90000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1886169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1887169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1888169c.99c: supR3HardenedDllNotificationCallback: load 000000006af20000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1889169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1890169c.99c: supR3HardenedDllNotificationCallback: load 000007fefe800000 LB 0x00097000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
1891169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1892169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1893169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1894169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1895169c.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1896169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1897169c.99c: supR3HardenedDllNotificationCallback: load 000007fef2f50000 LB 0x000a0000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1898169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1899169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd940000 LB 0x00d89000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
1900169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1901169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1902169c.99c: supR3HardenedDllNotificationCallback: load 000007fef8a50000 LB 0x0003b000 C:\windows\system32\WINMM.dll [fFlags=0x0]
1903169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1904169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1905169c.99c: supR3HardenedDllNotificationCallback: load 000007fef9b20000 LB 0x00071000 C:\windows\system32\WINSPOOL.DRV [fFlags=0x0]
1906169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1907169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1908169c.99c: supR3HardenedDllNotificationCallback: load 000000006bdb0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1909169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1910169c.99c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1911169c.99c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1912169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1913169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1914169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1915169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1916169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1917169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1918169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1919169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791ab0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1920169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1e0000 'C:\windows\system32\imm32.dll'
1921169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedcf40000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1922169c.99c: SUPR3HardenedMain: Calling TrustedMain (000007fedcf410d0)...
1923169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1924169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1925169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
1926169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000580 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1927169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1928169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1929169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1930169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1931169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1932169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1933169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1934169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1935169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1936169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1937169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1938169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1939169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1940169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1941169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1942169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1943169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d5860:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1944169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1945169c.99c: supR3HardenedDllNotificationCallback: load 000007fef8e60000 LB 0x00056000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
1946169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1947169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e60000 'C:\windows\system32\uxtheme.dll'
1948169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1949169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d5860:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1950169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e60000 'C:\windows\system32\uxtheme.dll'
1951169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1952169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d6360:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1953169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e60000 'C:\windows\system32\uxtheme.dll'
1954169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1955169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d6360:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1956169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e60000 'C:\windows\system32\uxtheme.dll'
1957169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1958169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1959169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f20000 'C:\windows\system32\dwmapi.dll'
1960169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1961169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1962169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3a0000 'C:\windows\system32\CRYPTBASE.dll'
1963169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1964169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1965169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd940000 'C:\windows\system32\shell32.dll'
1966169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1967169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1968169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c90000 'C:\windows\system32\kernel32.dll'
1969169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1970169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1971169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e60000 'C:\windows\system32\uxtheme.dll'
1972169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1973169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1974169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e60000 'C:\windows\system32\uxtheme.dll'
1975169c.99c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
1976169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1977169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
1978169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076a40000 'C:\windows\system32\user32.dll'
1979169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1980169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1981169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e60000 'C:\windows\system32\uxtheme.dll'
1982169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076a40000 'C:\windows\system32\user32.dll'
1983169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe920000 'C:\windows\system32\advapi32.dll'
1984169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1985169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1986169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc730000 'C:\windows\system32\userenv.dll'
1987169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1988169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
1989169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c90000 'C:\windows\system32\kernel32.dll'
1990169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1991169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
1992169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
1993169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
1994169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1995169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1996169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1997169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1998169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1999169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2000169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2001169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2002169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
2003169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2004169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2005169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2006169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2007169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2008169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2009169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2010169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2011169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2012169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2013169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2014169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2015169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2016169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2017169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2018169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2019169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791900:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2020169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2021169c.99c: supR3HardenedDllNotificationCallback: load 000007feff140000 LB 0x00099000 C:\windows\system32\CLBCatQ.DLL [fFlags=0x0]
2022169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2023169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff140000 'C:\windows\system32\CLBCatQ.DLL'
2024169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe920000 'C:\windows\system32\ADVAPI32.dll'
2025169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2026169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791c60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2027169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\CRYPTSP.dll'
2028169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000600 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2029169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2030169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2031169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2032169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2033169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2034169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2035169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2036169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2037169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2038169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2039169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000791c60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2040169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2041169c.99c: supR3HardenedDllNotificationCallback: load 000007fefd380000 LB 0x00014000 C:\windows\system32\RpcRtRemote.dll [fFlags=0x0]
2042169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2043169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd380000 'C:\windows\system32\RpcRtRemote.dll'
2044169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2045169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2046169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
2047169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2048169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2049169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
2050169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2051169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2052169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2053169c.a30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2054169c.a30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2055169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2056169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2057169c.a30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2058169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2059169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2060169c.a30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2061169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2062169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2063169c.a30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2064169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2065169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2066169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000650 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
2067169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2068169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2069169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
2070169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
2071169c.a30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2072169c.a30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2073169c.a30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
2074169c.a30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
2075169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2076169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2077169c.a30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2078169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2079169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2080169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
2081169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
2082169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000654 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
2083169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2084169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2085169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
2086169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
2087169c.a30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2088169c.a30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
2089169c.a30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2090169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2091169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2092169c.a30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2093169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2094169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2095169c.a30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2096169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2097169c.a30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2098169c.a30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007d2950:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2099169c.a30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2100169c.a30: supR3HardenedDllNotificationCallback: load 000007fedc960000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2101169c.a30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2102169c.a30: supR3HardenedDllNotificationCallback: load 00000000772e0000 LB 0x00007000 C:\windows\system32\PSAPI.DLL [fFlags=0x0]
2103169c.a30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
2104169c.a30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2105169c.a30: supR3HardenedDllNotificationCallback: load 000007fefa090000 LB 0x0000c000 C:\windows\system32\VERSION.dll [fFlags=0x0]
2106169c.a30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2107169c.a30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc960000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2108169c.a30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2109169c.a30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d6360:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2110169c.a30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea00000 'C:\Windows\system32\oleaut32.dll'
2111169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000644 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
2112169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2113169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2114169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
2115169c.a30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
2116169c.a30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2117169c.a30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
2118169c.a30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
2119169c.a30: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000792200:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2120169c.a30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2121169c.a30: supR3HardenedDllNotificationCallback: load 000007fefd420000 LB 0x00091000 C:\windows\system32\SXS.DLL [fFlags=0x0]
2122169c.a30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2123169c.a30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\windows\system32\SXS.DLL'
2124169c.a30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe920000 'C:\windows\system32\ADVAPI32.dll'
2125169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2126169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000792680:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2127169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea00000 'C:\windows\system32\OLEAUT32.dll'
2128169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe920000 'C:\windows\system32\ADVAPI32.dll'
2129169c.99c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
2130169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030070c0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2131169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
2132169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff390000 'C:\windows\system32\gdi32.dll'
2133169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076a40000 'C:\windows\system32\user32.dll'
2134169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2135169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007925f0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2136169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd940000 'C:\windows\system32\shell32.dll'
2137169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2138169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007925f0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2139169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec40000 'C:\windows\system32\ole32.dll'
2140169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2141169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d6620:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2142169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff030000 'C:\windows\system32\MSCTF.dll'
2143169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2144169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007924d0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2145169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec40000 'C:\windows\system32\ole32.dll'
2146169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2147169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007924d0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2148169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea00000 'C:\windows\system32\OLEAUT32.dll'
2149169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a50 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2150169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2151169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2152169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2153169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2154169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2155169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2156169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2157169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2158169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2159169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2160169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2161169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2162169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2163169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2164169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2165169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2166169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2167169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2168169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2169169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2170169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2171169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2172169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2173169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2174169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a68 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2175169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2176169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2177169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2178169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2179169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2180169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2181169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2182169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2183169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2184169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2185169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2186169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2187169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2188169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2189169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2190169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2191169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2192169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2193169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2194169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2195169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2196169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2197169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2198169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2199169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2200169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2201169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028bce20:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2202169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2203169c.99c: supR3HardenedDllNotificationCallback: load 000007fef0410000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2204169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2205169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2206169c.99c: supR3HardenedDllNotificationCallback: load 000007fef0380000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [fFlags=0x0]
2207169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2208169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0410000 'C:\windows\system32\wbem\wbemprox.dll'
2209169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a84 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2210169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2211169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2212169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2213169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2214169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2215169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2216169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2217169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2218169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2219169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2220169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2221169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2222169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2223169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028bce20:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2224169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2225169c.99c: supR3HardenedDllNotificationCallback: load 000007feef770000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2226169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2227169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef770000 'C:\windows\system32\wbem\wbemsvc.dll'
2228169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a90 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2229169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2230169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2231169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2232169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2233169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2234169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2235169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2236169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2237169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2238169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2239169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2240169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2241169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2242169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2243169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2244169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a78 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2245169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2246169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2247169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2248169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2249169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2250169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2251169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2252169c.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2253169c.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2254169c.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2255169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2256169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2257169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2258169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2259169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2260169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2261169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2262169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2263169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2264169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2265169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2266169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2267169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2268169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2269169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2270169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2271169c.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2272169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2273169c.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2274169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028bce20:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2275169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2276169c.99c: supR3HardenedDllNotificationCallback: load 000007feef930000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
2277169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2278169c.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2279169c.99c: supR3HardenedDllNotificationCallback: load 000007fef0490000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [fFlags=0x0]
2280169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2281169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef930000 'C:\windows\system32\wbem\fastprox.dll'
2282169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea00000 'C:\windows\system32\OLEAUT32.dll'
2283169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea00000 'C:\windows\system32\OLEAUT32.DLL'
2284169c.4ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2285169c.4ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2286169c.4ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2287169c.4ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2288169c.4ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2289169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2290169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2291169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2292169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2293169c.4ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2294169c.4ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2295169c.4ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2296169c.4ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2297169c.4ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2298169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2299169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2300169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2301169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2302169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2303169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2304169c.4ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2305169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2306169c.4ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2307169c.4ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2308169c.4ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2309169c.4ec: supR3HardenedDllNotificationCallback: load 000007fede070000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2310169c.4ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2311169c.4ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2312169c.4ec: supR3HardenedDllNotificationCallback: load 000000006b9a0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2313169c.4ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2314169c.4ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede070000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2315169c.258: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
2316169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
2317169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
2318169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
2319169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
2320169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
2321169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2322169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2323169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2324169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
2325169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
2326169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
2327169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2328169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
2329169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
2330169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
2331169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2332169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
2333169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
2334169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
2335169c.1c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
2336169c.1c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
2337169c.1c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
2338169c.1c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
2339169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2340169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2341169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2342169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2343169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2344169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2345169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2346169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2347169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2348169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2349169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2350169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2351169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2352169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2353169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2354169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2355169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2356169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
2357169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2358169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'kdcom.dll'.
2359169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'clfs.sys'.
2360169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ci.dll'.
2361169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe) WinVerifyTrust
2362169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2363169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2364169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2365169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2366169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2367169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2368169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2369169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2370169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
2371169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys) WinVerifyTrust
2372169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
2373169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2374169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2375169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2376169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2377169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2378169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys) WinVerifyTrust
2379169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2380169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2381169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2382169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2383169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2384169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2385169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2386169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2387169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2388169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2389169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2390169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2391169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
2392169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2393169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2394169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2395169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
2396169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2397169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll) WinVerifyTrust
2398169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
2399169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2400169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2401169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2402169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2403169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
2404169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2405169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys) WinVerifyTrust
2406169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
2407169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2408169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2409169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2410169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2411169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2412169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2413169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
2414169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
2415169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2416169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll) WinVerifyTrust
2417169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
2418169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
2419169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume2\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
2420169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2421169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clfs.sys) WinVerifyTrust
2422169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clfs.sys
2423169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2424169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2425169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2426169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2427169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll) WinVerifyTrust
2428169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
2429169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2430169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2431169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2432169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2433169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2434169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2435169c.1c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2436169c.1c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL) WinVerifyTrust
2437169c.1c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
2438169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2439169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2440169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2441169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2442169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2443169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2444169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2445169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2446169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2447169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2448169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2449169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2450169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2451169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2452169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2453169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2454169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2455169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2456169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2457169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2458169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2459169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
2460169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2461169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2462169c.1c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll
2463169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2464169c.1c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2465169c.1c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2466169c.1c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2467169c.1c0: supR3HardenedDllNotificationCallback: load 000007feed370000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2468169c.1c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2469169c.1c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed370000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2470169c.c40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2471169c.c40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2472169c.c40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2473169c.c40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2474169c.c40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2475169c.c40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2476169c.c40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2477169c.c40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2478169c.c40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2479169c.c40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2480169c.c40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2481169c.c40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2482169c.c40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2483169c.c40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2484169c.c40: supR3HardenedDllNotificationCallback: load 000007fef7f00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2485169c.c40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2486169c.c40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7f00000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2487169c.cb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2488169c.cb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2489169c.cb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2490169c.cb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2491169c.cb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2492169c.cb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2493169c.cb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2494169c.cb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2495169c.cb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2496169c.cb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2497169c.cb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2498169c.cb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2499169c.cb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2500169c.cb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2501169c.cb0: supR3HardenedDllNotificationCallback: load 000007feed0a0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2502169c.cb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2503169c.cb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed0a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2504169c.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2505169c.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2506169c.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2507169c.d5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2508169c.d5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2509169c.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2510169c.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2511169c.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2512169c.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2513169c.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2514169c.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2515169c.d5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2516169c.d5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2517169c.d5c: supR3HardenedDllNotificationCallback: load 000007fee9d20000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2518169c.d5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2519169c.d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9d20000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2520169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2521169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2522169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2523169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd940000 'C:\windows\system32/Shell32.dll'
2524169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec40000 'C:\windows\system32\ole32.dll'
2525169c.258: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2526169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2527169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2528169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2529169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\windows\system32\profapi.dll'
2530169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2531169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2532169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2533169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2534169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2535169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2536169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2537169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2538169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2539169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2540169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2541169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2542169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2543169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2544169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cc4 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2545169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2546169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2547169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2548169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2549169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2550169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2551169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2552169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2553169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2554169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2555169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2556169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2557169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2558169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2559169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2560169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2561169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2562169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2563169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2564169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2565169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2566169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2567169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2568169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2569169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2570169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2571169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2572169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2573169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2574169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2575169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2576169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2577169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2578169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2579169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2580169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2581169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2582169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2583169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2584169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2585169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2586169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2587169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2588169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2589169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2590169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2591169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2592169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2593169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2594169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce4 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
2595169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2596169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2597169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
2598169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
2599169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2600169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2601169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2602169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2603169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2604169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2605169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2606169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2607169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
2608169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
2609169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2610169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2611169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2612169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2613169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2614169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2615169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2616169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2617169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2618169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2619169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2620169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2621169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2622169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2623169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2624169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2625169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2626169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2627169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2628169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2629169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2630169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd0 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2631169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2632169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2633169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2634169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2635169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2636169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2637169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2638169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2639169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2640169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2641169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2642169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2643169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2644169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2645169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2646169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2647169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2648169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2649169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2650169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2651169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2652169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2653169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2654169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2655169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2656169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2657169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2658169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2659169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2660169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2661169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2662169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2663169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2664169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2665169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2666169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2667169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2668169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2669169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2670169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2671169c.258: supR3HardenedDllNotificationCallback: load 000007fedb780000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2672169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2673169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2674169c.258: supR3HardenedDllNotificationCallback: load 000007fedfad0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2675169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2676169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2677169c.258: supR3HardenedDllNotificationCallback: load 000007fedfb40000 LB 0x00051000 C:\windows\system32\newdev.dll [fFlags=0x0]
2678169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2679169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2680169c.258: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2681169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2682169c.258: supR3HardenedDllNotificationCallback: load 000007fefc750000 LB 0x00012000 C:\windows\system32\devrtl.DLL [fFlags=0x0]
2683169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2684169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2685169c.258: supR3HardenedDllNotificationCallback: load 000007fedeb70000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2686169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2687169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2688169c.258: supR3HardenedDllNotificationCallback: load 000007fefa060000 LB 0x00027000 C:\windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2689169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2690169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2691169c.258: supR3HardenedDllNotificationCallback: load 000007fefa050000 LB 0x0000b000 C:\windows\system32\WINNSI.DLL [fFlags=0x0]
2692169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2693169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb780000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2694169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf0 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2695169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2696169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2697169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2698169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2699169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2700169c.258: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2701169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2702169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2703169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2704169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2705169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2706169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc960000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2707169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2708169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2709169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2710169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeb70000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2711169c.33c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2712169c.33c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2713169c.33c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2714169c.33c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2715169c.33c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2716169c.33c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2717169c.33c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2718169c.33c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2719169c.33c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2720169c.33c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2721169c.33c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2722169c.33c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2723169c.33c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2724169c.33c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2725169c.33c: supR3HardenedDllNotificationCallback: load 000007fedf940000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2726169c.33c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2727169c.33c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf940000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2728169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2729169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf120:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2730169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2731169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa060000 'C:\windows\system32/Iphlpapi.dll'
2732169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de4 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2733169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2734169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2735169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
2736169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
2737169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2738169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2739169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2740169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
2741169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2742169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
2743169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2744169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2745169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2746169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2747169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2748169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2749169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2750169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2751169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2752169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2753169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2754169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf240:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2755169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2756169c.258: supR3HardenedDllNotificationCallback: load 000007fef7910000 LB 0x00018000 C:\windows\system32\dhcpcsvc.DLL [fFlags=0x0]
2757169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2758169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7910000 'C:\windows\system32\dhcpcsvc.DLL'
2759169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2760169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf240:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2761169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa060000 'C:\windows\system32\IPHLPAPI.DLL'
2762169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de8 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2763169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2764169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2765169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
2766169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_55_for_KB2459530~31bf3856ad364e35~amd64~~6.1.4.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
2767169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2768169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2769169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2770169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
2771169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
2772169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2773169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2774169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2775169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2776169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2777169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2778169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2779169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf240:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2780169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2781169c.258: supR3HardenedDllNotificationCallback: load 000007fef7740000 LB 0x00011000 C:\windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
2782169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2783169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7740000 'C:\windows\system32\dhcpcsvc6.DLL'
2784169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2785169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf240:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2786169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa060000 'C:\windows\system32\IPHLPAPI.DLL'
2787169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e64 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2788169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2789169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2790169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2791169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2792169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2793169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2794169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2795169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2796169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2797169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2798169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2799169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
2800169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2801169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2802169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2803169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e68 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
2804169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2805169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2806169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2807169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
2808169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2809169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2810169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2811169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2812169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
2813169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2814169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2815169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2816169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2817169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2818169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2819169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2820169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2821169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2822169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2823169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2824169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2825169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2826169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2827169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2828169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2829169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2830169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2831169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2832169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002faf3f0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2833169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2834169c.258: supR3HardenedDllNotificationCallback: load 000007fef8a90000 LB 0x00088000 C:\windows\system32\dsound.dll [fFlags=0x0]
2835169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2836169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2837169c.258: supR3HardenedDllNotificationCallback: load 000007fef9c40000 LB 0x0002c000 C:\windows\system32\POWRPROF.dll [fFlags=0x0]
2838169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2839169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2840169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafc60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2841169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a90000 'C:\windows\system32\dsound.dll'
2842169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a90000 'C:\windows\system32/dsound.dll'
2843169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e8c pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2844169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2845169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2846169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2847169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
2848169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2849169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2850169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2851169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2852169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2853169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2854169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2855169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2856169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2857169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e70 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
2858169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2859169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2860169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2861169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
2862169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2863169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2864169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2865169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2866169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2867169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2868169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2869169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2870169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2871169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2872169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2873169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2874169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2875169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2876169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2877169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2878169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2879169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2880169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2881169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2882169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2883169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2884169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2885169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2886169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d71d0:C:\windows\System32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2887169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2888169c.258: supR3HardenedDllNotificationCallback: load 000007fef9120000 LB 0x0004b000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
2889169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2890169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2891169c.258: supR3HardenedDllNotificationCallback: load 000007fef9170000 LB 0x0012c000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
2892169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2893169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe920000 'C:\windows\system32\ADVAPI32.dll'
2894169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9120000 'C:\windows\System32\MMDevApi.dll'
2895169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2896169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2897169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec40000 'C:\windows\system32\ole32.dll'
2898169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2899169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2900169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee50000 'C:\windows\system32\SETUPAPI.dll'
2901169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2902169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2903169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeaf0000 'C:\windows\system32\SHLWAPI.dll'
2904169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2905169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2906169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9120000 'C:\windows\system32\MMDEVAPI.DLL'
2907169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec40000 'C:\windows\system32\ole32.dll'
2908169c.11e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2909169c.11e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2910169c.11e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\windows\system32\CFGMGR32.dll'
2911169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2912169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2913169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
2914169c.258: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2915169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2916169c.258: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2917169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2918169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff260000 'C:\windows\system32\RPCRT4.dll'
2919169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2920169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2921169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9120000 'C:\windows\system32\MMDevAPI.DLL'
2922169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec4 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2923169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2924169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2925169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
2926169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2927169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2928169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2929169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2930169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2931169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2932169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2933169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
2934169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2935169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
2936169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
2937169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2938169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2939169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2940169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb0 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
2941169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2942169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2943169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
2944169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
2945169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2946169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
2947169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2948169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2949169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2950169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2951169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2952169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2953169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee4 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
2954169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
2955169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
2956169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
2957169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
2958169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2959169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2960169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
2961169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2962169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2963169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2964169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2965169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2966169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2967169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2968169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2969169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2970169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2971169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2972169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2973169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2974169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2975169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2976169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2977169c.258: supR3HardenedDllNotificationCallback: load 000007fedf3c0000 LB 0x0003b000 C:\windows\system32\wdmaud.drv [fFlags=0x0]
2978169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2979169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2980169c.258: supR3HardenedDllNotificationCallback: load 0000000073df0000 LB 0x00006000 C:\windows\system32\ksuser.dll [fFlags=0x0]
2981169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2982169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2983169c.258: supR3HardenedDllNotificationCallback: load 000007fef9110000 LB 0x00009000 C:\windows\system32\AVRT.dll [fFlags=0x0]
2984169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2985169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
2986169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2987169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2988169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
2989169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2990169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafb40:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2991169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
2992169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2993169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafc60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2994169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
2995169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2996169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafc60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
2997169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
2998169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed8 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2999169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
3000169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
3001169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
3002169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
3003169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3004169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3005169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3006169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3007169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
3008169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3009169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3010169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3011169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
3012169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3013169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3014169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3015169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3016169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3017169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3018169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3019169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3020169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3021169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3022169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3023169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3024169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3025169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3026169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3027169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3028169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafc60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3029169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3030169c.258: supR3HardenedDllNotificationCallback: load 000007fef8890000 LB 0x0004f000 C:\windows\system32\AUDIOSES.DLL [fFlags=0x0]
3031169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3032169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8890000 'C:\windows\system32\AUDIOSES.DLL'
3033169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3034169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafc60:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3035169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
3036169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3037169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafcf0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3038169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
3039169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
3040169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
3041169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
3042169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf3c0000 'C:\windows\system32\wdmaud.drv'
3043169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eec pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3044169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
3045169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
3046169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
3047169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3048169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3049169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3050169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3051169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3052169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3053169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3054169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3055169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3056169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3057169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3058169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3059169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3060169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3061169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f14 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
3062169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
3063169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
3064169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
3065169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
3066169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3067169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3068169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3069169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3070169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3071169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3072169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3073169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3074169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3075169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3076169c.258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3077169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3078169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3079169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3080169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3081169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3082169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3083169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3084169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3085169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3086169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3087169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3088169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3089169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3090169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3091169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3092169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3093169c.258: supR3HardenedDllNotificationCallback: load 000007fedf4d0000 LB 0x0000a000 C:\windows\system32\msacm32.drv [fFlags=0x0]
3094169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3095169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3096169c.258: supR3HardenedDllNotificationCallback: load 000007fedf4b0000 LB 0x00018000 C:\windows\system32\MSACM32.dll [fFlags=0x0]
3097169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3098169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3099169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3100169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3101169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3102169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3103169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3104169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3105169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3106169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3107169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3108169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3109169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3110169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3111169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3112169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3113169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3114169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3115169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3116169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3117169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3118169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3119169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\windows\system32\msacm32.drv'
3120169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed4 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3121169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
3122169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
3123169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3124169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3125169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3126169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3127169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3128169c.258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3129169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3130169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3131169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3132169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3133169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3134169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3135169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3136169c.258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3137169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3138169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3139169c.258: supR3HardenedDllNotificationCallback: load 000007fede9f0000 LB 0x00009000 C:\windows\system32\midimap.dll [fFlags=0x0]
3140169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3141169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede9f0000 'C:\windows\system32\midimap.dll'
3142169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3143169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3144169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede9f0000 'C:\windows\system32\midimap.dll'
3145169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3146169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3147169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede9f0000 'C:\windows\system32\midimap.dll'
3148169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3149169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3150169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede9f0000 'C:\windows\system32\midimap.dll'
3151169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3152169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3153169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3154169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec40000 'C:\windows\system32\ole32.dll'
3155169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3156169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3157169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3158169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3159169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3160169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3161169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3162169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3163169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3164169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3165169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3166169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d71d0:C:\windows\System32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3167169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a90000 'C:\windows\System32\dsound.dll'
3168169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3169169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3170169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\windows\system32\winmm.dll'
3171169c.99c: supR3HardenedMonitor_LdrLoadDll: 'C:\windows\system32\comctl32.dll' -> 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
3172169c.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
3173169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
3174169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
3175169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
3176169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
3177169c.99c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
3178169c.99c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3179169c.99c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
3180169c.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3181169c.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2f50000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
3182169c.1658: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
3183169c.1658: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafd80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3184169c.1658: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea00000 'C:\windows\system32\OLEAUT32.dll'
3185169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3186169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fafea0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
3187169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3188169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c90000 'C:\windows\system32/kernel32.dll'
3189169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000102c pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
3190169c.258: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000076edf0
3191169c.258: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000076edf0
3192169c.258: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82846C7DC170BBD7F68FE9966A8D339A60BCFF16
3193169c.258: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
3194169c.258: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3195169c.258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
3196169c.258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3197169c.258: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3198169c.258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3199169c.258: supR3HardenedDllNotificationCallback: load 000007fefd320000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
3200169c.258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3201169c.258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\windows\system32\apphelp.dll'
32021598.171c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5514 ms, the end);
32033d0.15ec: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 6122 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy