VirtualBox

Ticket #15089: VBoxHardening.log

File VBoxHardening.log, 362.0 KB (added by naveenlekhwar, 9 years ago)

VBoxHeadening file added as per request

Line 
1d04.f6c: Log file opened: 4.3.36r105129 g_hStartupLog=0000000000000034 g_uNtVerCombined=0x611db110
2d04.f6c: \SystemRoot\System32\ntdll.dll:
3d04.f6c: CreationTime: 2016-01-28T21:50:30.278597000Z
4d04.f6c: LastWriteTime: 2015-12-30T19:05:33.659216000Z
5d04.f6c: ChangeTime: 2016-01-28T22:10:04.520158900Z
6d04.f6c: FileAttributes: 0x20
7d04.f6c: Size: 0x1a67c0
8d04.f6c: NT Headers: 0xe0
9d04.f6c: Timestamp: 0x568429e5
10d04.f6c: Machine: 0x8664 - amd64
11d04.f6c: Timestamp: 0x568429e5
12d04.f6c: Image Version: 6.1
13d04.f6c: SizeOfImage: 0x1a9000 (1740800)
14d04.f6c: Resource Dir: 0x14d000 LB 0x5a028
15d04.f6c: ProductName: Microsoft® Windows® Operating System
16d04.f6c: ProductVersion: 6.1.7601.19110
17d04.f6c: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
18d04.f6c: FileDescription: NT Layer DLL
19d04.f6c: \SystemRoot\System32\kernel32.dll:
20d04.f6c: CreationTime: 2016-01-28T21:50:30.184998200Z
21d04.f6c: LastWriteTime: 2015-12-30T18:57:55.730000000Z
22d04.f6c: ChangeTime: 2016-01-28T22:10:06.641840500Z
23d04.f6c: FileAttributes: 0x20
24d04.f6c: Size: 0x11c000
25d04.f6c: NT Headers: 0xe8
26d04.f6c: Timestamp: 0x568429dc
27d04.f6c: Machine: 0x8664 - amd64
28d04.f6c: Timestamp: 0x568429dc
29d04.f6c: Image Version: 6.1
30d04.f6c: SizeOfImage: 0x11f000 (1175552)
31d04.f6c: Resource Dir: 0x116000 LB 0x528
32d04.f6c: ProductName: Microsoft® Windows® Operating System
33d04.f6c: ProductVersion: 6.1.7601.19110
34d04.f6c: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
35d04.f6c: FileDescription: Windows NT BASE API Client DLL
36d04.f6c: \SystemRoot\System32\KernelBase.dll:
37d04.f6c: CreationTime: 2016-01-28T21:50:31.292584000Z
38d04.f6c: LastWriteTime: 2015-12-30T18:57:55.761000000Z
39d04.f6c: ChangeTime: 2016-01-28T22:10:06.688642300Z
40d04.f6c: FileAttributes: 0x20
41d04.f6c: Size: 0x67a00
42d04.f6c: NT Headers: 0xe8
43d04.f6c: Timestamp: 0x568429dd
44d04.f6c: Machine: 0x8664 - amd64
45d04.f6c: Timestamp: 0x568429dd
46d04.f6c: Image Version: 6.1
47d04.f6c: SizeOfImage: 0x6c000 (442368)
48d04.f6c: Resource Dir: 0x6a000 LB 0x530
49d04.f6c: ProductName: Microsoft® Windows® Operating System
50d04.f6c: ProductVersion: 6.1.7601.19110
51d04.f6c: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
52d04.f6c: FileDescription: Windows NT BASE API Client DLL
53d04.f6c: \SystemRoot\System32\apisetschema.dll:
54d04.f6c: CreationTime: 2016-01-28T21:50:32.244171800Z
55d04.f6c: LastWriteTime: 2015-12-30T18:54:58.839000000Z
56d04.f6c: ChangeTime: 2016-01-28T22:10:04.317351100Z
57d04.f6c: FileAttributes: 0x20
58d04.f6c: Size: 0x1a00
59d04.f6c: NT Headers: 0xc0
60d04.f6c: Timestamp: 0x568428c9
61d04.f6c: Machine: 0x8664 - amd64
62d04.f6c: Timestamp: 0x568428c9
63d04.f6c: Image Version: 6.1
64d04.f6c: SizeOfImage: 0x50000 (327680)
65d04.f6c: Resource Dir: 0x30000 LB 0x3f8
66d04.f6c: ProductName: Microsoft® Windows® Operating System
67d04.f6c: ProductVersion: 6.1.7601.19110
68d04.f6c: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
69d04.f6c: FileDescription: ApiSet Schema DLL
70d04.f6c: Found driver tmcomm (0x8)
71d04.f6c: Found driver tmevtmgr (0x8)
72d04.f6c: Found driver tmactmon (0x8)
73d04.f6c: Found driver tmeevw (0x8)
74d04.f6c: Found driver tmtdi (0x8)
75d04.f6c: supR3HardenedWinFindAdversaries: 0x8
76d04.f6c: \SystemRoot\System32\drivers\tmcomm.sys:
77d04.f6c: CreationTime: 2015-07-28T18:23:04.000000000Z
78d04.f6c: LastWriteTime: 2015-07-28T19:23:06.000000000Z
79d04.f6c: ChangeTime: 2016-01-27T18:20:28.623632200Z
80d04.f6c: FileAttributes: 0x20
81d04.f6c: Size: 0x4f4d8
82d04.f6c: NT Headers: 0xe8
83d04.f6c: Timestamp: 0x55acac52
84d04.f6c: Machine: 0x8664 - amd64
85d04.f6c: Timestamp: 0x55acac52
86d04.f6c: Image Version: 6.0
87d04.f6c: SizeOfImage: 0x50000 (327680)
88d04.f6c: Resource Dir: 0x4e000 LB 0x760
89d04.f6c: ProductName: Trend Micro Eyes
90d04.f6c: ProductVersion: 6.60
91d04.f6c: FileVersion: 6.60.0.1041
92d04.f6c: SpecialBuild: 1041
93d04.f6c: PrivateBuild: Build 1041 - 7/20/2015
94d04.f6c: FileDescription: TrendMicro Common Module
95d04.f6c: \SystemRoot\System32\drivers\tmactmon.sys:
96d04.f6c: CreationTime: 2015-07-28T18:23:04.000000000Z
97d04.f6c: LastWriteTime: 2015-07-28T19:23:06.000000000Z
98d04.f6c: ChangeTime: 2016-01-27T18:20:29.122649800Z
99d04.f6c: FileAttributes: 0x20
100d04.f6c: Size: 0x1d228
101d04.f6c: NT Headers: 0xe0
102d04.f6c: Timestamp: 0x55b0c073
103d04.f6c: Machine: 0x8664 - amd64
104d04.f6c: Timestamp: 0x55b0c073
105d04.f6c: Image Version: 6.0
106d04.f6c: SizeOfImage: 0x23000 (143360)
107d04.f6c: Resource Dir: 0x21000 LB 0x4c8
108d04.f6c: ProductName: Trend Micro AEGIS
109d04.f6c: ProductVersion: 2.972
110d04.f6c: FileVersion: 2.972.0.1152
111d04.f6c: SpecialBuild: 1152
112d04.f6c: PrivateBuild: Build 1152 - 7/23/2015
113d04.f6c: FileDescription: TrendMicro Activity Monitor Module
114d04.f6c: \SystemRoot\System32\drivers\tmevtmgr.sys:
115d04.f6c: CreationTime: 2015-07-28T18:23:04.000000000Z
116d04.f6c: LastWriteTime: 2015-07-28T19:23:06.000000000Z
117d04.f6c: ChangeTime: 2016-01-27T18:20:28.873141000Z
118d04.f6c: FileAttributes: 0x20
119d04.f6c: Size: 0x13768
120d04.f6c: NT Headers: 0xe0
121d04.f6c: Timestamp: 0x55b0c06f
122d04.f6c: Machine: 0x8664 - amd64
123d04.f6c: Timestamp: 0x55b0c06f
124d04.f6c: Image Version: 6.0
125d04.f6c: SizeOfImage: 0x16000 (90112)
126d04.f6c: Resource Dir: 0x14000 LB 0x4c8
127d04.f6c: ProductName: Trend Micro AEGIS
128d04.f6c: ProductVersion: 2.972
129d04.f6c: FileVersion: 2.972.0.1152
130d04.f6c: SpecialBuild: 1152
131d04.f6c: PrivateBuild: Build 1152 - 7/23/2015
132d04.f6c: FileDescription: TrendMicro Event Management Module
133d04.f6c: \SystemRoot\System32\drivers\tmtdi.sys:
134d04.f6c: CreationTime: 2013-06-18T19:09:06.000000000Z
135d04.f6c: LastWriteTime: 2013-06-18T19:09:06.000000000Z
136d04.f6c: ChangeTime: 2016-01-27T18:18:51.549114700Z
137d04.f6c: FileAttributes: 0x20
138d04.f6c: Size: 0x1aa18
139d04.f6c: NT Headers: 0xf0
140d04.f6c: Timestamp: 0x50ed55e5
141d04.f6c: Machine: 0x8664 - amd64
142d04.f6c: Timestamp: 0x50ed55e5
143d04.f6c: Image Version: 6.0
144d04.f6c: SizeOfImage: 0x1d000 (118784)
145d04.f6c: Resource Dir: 0x1c000 LB 0x560
146d04.f6c: ProductName: Trend Micro Network Security Components
147d04.f6c: ProductVersion: 5.82
148d04.f6c: FileVersion: 5.82.0.1062
149d04.f6c: SpecialBuild: 1062
150d04.f6c: PrivateBuild: Build 1062 - 1/9/2013
151d04.f6c: FileDescription: Trend Micro TDI Driver (amd64-fre)
152d04.f6c: \SystemRoot\System32\drivers\tmebc64.sys:
153d04.f6c: CreationTime: 2015-06-19T22:21:22.000000000Z
154d04.f6c: LastWriteTime: 2015-06-19T22:21:22.000000000Z
155d04.f6c: ChangeTime: 2016-01-27T18:30:53.434854300Z
156d04.f6c: FileAttributes: 0x20
157d04.f6c: Size: 0xef30
158d04.f6c: NT Headers: 0xf0
159d04.f6c: Timestamp: 0x557fd35d
160d04.f6c: Machine: 0x8664 - amd64
161d04.f6c: Timestamp: 0x557fd35d
162d04.f6c: Image Version: 6.0
163d04.f6c: SizeOfImage: 0xf000 (61440)
164d04.f6c: Resource Dir: 0xe000 LB 0x6f8
165d04.f6c: ProductName: Trend Micro Early Boot Clean
166d04.f6c: ProductVersion: 1.5
167d04.f6c: FileVersion: 1.5.0.1020
168d04.f6c: SpecialBuild: 1020
169d04.f6c: PrivateBuild: Build 1020 - 6/16/2015
170d04.f6c: FileDescription: Trend Micro early boot driver
171d04.f6c: \SystemRoot\System32\drivers\tmeevw.sys:
172d04.f6c: CreationTime: 2015-06-08T18:54:40.000000000Z
173d04.f6c: LastWriteTime: 2015-06-08T18:54:40.000000000Z
174d04.f6c: ChangeTime: 2016-01-28T23:05:54.969520100Z
175d04.f6c: FileAttributes: 0x20
176d04.f6c: Size: 0x1c760
177d04.f6c: NT Headers: 0xf0
178d04.f6c: Timestamp: 0x5487bf1b
179d04.f6c: Machine: 0x8664 - amd64
180d04.f6c: Timestamp: 0x5487bf1b
181d04.f6c: Image Version: 6.1
182d04.f6c: SizeOfImage: 0x1f000 (126976)
183d04.f6c: Resource Dir: 0x1a000 LB 0x3488
184d04.f6c: ProductName: Trend Micro EagleEye
185d04.f6c: ProductVersion: 2.0
186d04.f6c: FileVersion: 2.0.0.1017
187d04.f6c: SpecialBuild: 1017
188d04.f6c: PrivateBuild: Build 1017 - 12/10/2014
189d04.f6c: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
190d04.f6c: Calling main()
191d04.f6c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
192d04.f6c: SUPR3HardenedMain: Respawn #1
193d04.f6c: System32: \Device\HarddiskVolume2\Windows\System32
194d04.f6c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
195d04.f6c: KnownDllPath: C:\Windows\system32
196d04.f6c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
197d04.f6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
198d04.f6c: supR3HardNtEnableThreadCreation:
199d04.f6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007708b630 pvNtTerminateThread=00000000770adee0
200d04.f6c: supR3HardenedWinDoReSpawn(1): New child 4ac.cf0 [kernel32].
201d04.f6c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
202d04.f6c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077060000 uNtDllChildAddr=0000000077060000
203d04.f6c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007708b630
204d04.f6c: supR3HardenedWinSetupChildInit: Start child.
205d04.f6c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
206d04.f6c: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 33 sleeps
207d04.f6c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
208d04.f6c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
209d04.f6c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
210d04.f6c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
211d04.f6c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
212d04.f6c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
213d04.f6c: 0000000000041000-0000000000011fff 0x0001/0x0000 0x0000000
214d04.f6c: *0000000000070000-fffffffffff73fff 0x0000/0x0004 0x0020000
215d04.f6c: 000000000016c000-0000000000168fff 0x0104/0x0004 0x0020000
216d04.f6c: 000000000016f000-000000000016dfff 0x0004/0x0004 0x0020000
217d04.f6c: 0000000000170000-ffffffff8927ffff 0x0001/0x0000 0x0000000
218d04.f6c: *0000000077060000-0000000077060fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
219d04.f6c: 0000000077061000-000000007715efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
220d04.f6c: 000000007715f000-000000007718dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221d04.f6c: 000000007718e000-0000000077195fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
222d04.f6c: 0000000077196000-0000000077196fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
223d04.f6c: 0000000077197000-0000000077199fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
224d04.f6c: 000000007719a000-0000000077208fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
225d04.f6c: 0000000077209000-000000006f431fff 0x0001/0x0000 0x0000000
226d04.f6c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
227d04.f6c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
228d04.f6c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
229d04.f6c: 000000007fff0000-ffffffffc04affff 0x0001/0x0000 0x0000000
230d04.f6c: *000000013fb30000-000000013fb30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
231d04.f6c: 000000013fb31000-000000013fbb6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
232d04.f6c: 000000013fbb7000-000000013fbb7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
233d04.f6c: 000000013fbb8000-000000013fbf5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
234d04.f6c: 000000013fbf6000-000000013fbf6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
235d04.f6c: 000000013fbf7000-000000013fbf7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
236d04.f6c: 000000013fbf8000-000000013fbfcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
237d04.f6c: 000000013fbfd000-000000013fbfdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
238d04.f6c: 000000013fbfe000-000000013fbfefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
239d04.f6c: 000000013fbff000-000000013fc02fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
240d04.f6c: 000000013fc03000-000000013fc3bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
241d04.f6c: 000000013fc3c000-fffff803804f7fff 0x0001/0x0000 0x0000000
242d04.f6c: *000007feff380000-000007feff380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
243d04.f6c: 000007feff381000-000007fdfe751fff 0x0001/0x0000 0x0000000
244d04.f6c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
245d04.f6c: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000
246d04.f6c: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000
247d04.f6c: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000
248d04.f6c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
249d04.f6c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
250d04.f6c: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
251d04.f6c: VirtualBox.exe: timestamp 0x569e8b46 (rc=VINF_SUCCESS)
252d04.f6c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
253d04.f6c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
254d04.f6c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
255d04.f6c: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
256d04.f6c: supR3HardNtEnableThreadCreation:
2574ac.cf0: Log file opened: 4.3.36r105129 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
2584ac.cf0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077060000
2594ac.cf0: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
2604ac.cf0: New simple heap: #1 0000000000270000 LB 0x400000 (for 1740800 allocation)
2614ac.cf0: System32: \Device\HarddiskVolume2\Windows\System32
2624ac.cf0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2634ac.cf0: KnownDllPath: C:\Windows\system32
2644ac.cf0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2654ac.cf0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2664ac.cf0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2674ac.cf0: Registered Dll notification callback with NTDLL.
2684ac.cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2694ac.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2704ac.cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2714ac.cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2724ac.cf0: supR3HardenedDllNotificationCallback: load 0000000076f40000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2734ac.cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2744ac.cf0: supR3HardenedDllNotificationCallback: load 000007fefcfd0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2754ac.cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2764ac.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2774ac.cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\Windows\system32\kernel32.dll'
2784ac.cf0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007708b630 pvNtTerminateThread=00000000770adee0
279d04.f6c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
2804ac.cf0: \SystemRoot\System32\ntdll.dll:
2814ac.cf0: CreationTime: 2016-01-28T21:50:30.278597000Z
2824ac.cf0: LastWriteTime: 2015-12-30T19:05:33.659216000Z
2834ac.cf0: ChangeTime: 2016-01-28T22:10:04.520158900Z
2844ac.cf0: FileAttributes: 0x20
2854ac.cf0: Size: 0x1a67c0
2864ac.cf0: NT Headers: 0xe0
2874ac.cf0: Timestamp: 0x568429e5
2884ac.cf0: Machine: 0x8664 - amd64
2894ac.cf0: Timestamp: 0x568429e5
2904ac.cf0: Image Version: 6.1
2914ac.cf0: SizeOfImage: 0x1a9000 (1740800)
2924ac.cf0: Resource Dir: 0x14d000 LB 0x5a028
2934ac.cf0: ProductName: Microsoft® Windows® Operating System
2944ac.cf0: ProductVersion: 6.1.7601.19110
2954ac.cf0: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
2964ac.cf0: FileDescription: NT Layer DLL
2974ac.cf0: \SystemRoot\System32\kernel32.dll:
2984ac.cf0: CreationTime: 2016-01-28T21:50:30.184998200Z
2994ac.cf0: LastWriteTime: 2015-12-30T18:57:55.730000000Z
3004ac.cf0: ChangeTime: 2016-01-28T22:10:06.641840500Z
3014ac.cf0: FileAttributes: 0x20
3024ac.cf0: Size: 0x11c000
3034ac.cf0: NT Headers: 0xe8
3044ac.cf0: Timestamp: 0x568429dc
3054ac.cf0: Machine: 0x8664 - amd64
3064ac.cf0: Timestamp: 0x568429dc
3074ac.cf0: Image Version: 6.1
3084ac.cf0: SizeOfImage: 0x11f000 (1175552)
3094ac.cf0: Resource Dir: 0x116000 LB 0x528
3104ac.cf0: ProductName: Microsoft® Windows® Operating System
3114ac.cf0: ProductVersion: 6.1.7601.19110
3124ac.cf0: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
3134ac.cf0: FileDescription: Windows NT BASE API Client DLL
3144ac.cf0: \SystemRoot\System32\KernelBase.dll:
3154ac.cf0: CreationTime: 2016-01-28T21:50:31.292584000Z
3164ac.cf0: LastWriteTime: 2015-12-30T18:57:55.761000000Z
3174ac.cf0: ChangeTime: 2016-01-28T22:10:06.688642300Z
3184ac.cf0: FileAttributes: 0x20
3194ac.cf0: Size: 0x67a00
3204ac.cf0: NT Headers: 0xe8
3214ac.cf0: Timestamp: 0x568429dd
3224ac.cf0: Machine: 0x8664 - amd64
3234ac.cf0: Timestamp: 0x568429dd
3244ac.cf0: Image Version: 6.1
3254ac.cf0: SizeOfImage: 0x6c000 (442368)
3264ac.cf0: Resource Dir: 0x6a000 LB 0x530
3274ac.cf0: ProductName: Microsoft® Windows® Operating System
3284ac.cf0: ProductVersion: 6.1.7601.19110
3294ac.cf0: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
3304ac.cf0: FileDescription: Windows NT BASE API Client DLL
3314ac.cf0: \SystemRoot\System32\apisetschema.dll:
3324ac.cf0: CreationTime: 2016-01-28T21:50:32.244171800Z
3334ac.cf0: LastWriteTime: 2015-12-30T18:54:58.839000000Z
3344ac.cf0: ChangeTime: 2016-01-28T22:10:04.317351100Z
3354ac.cf0: FileAttributes: 0x20
3364ac.cf0: Size: 0x1a00
3374ac.cf0: NT Headers: 0xc0
3384ac.cf0: Timestamp: 0x568428c9
3394ac.cf0: Machine: 0x8664 - amd64
3404ac.cf0: Timestamp: 0x568428c9
3414ac.cf0: Image Version: 6.1
3424ac.cf0: SizeOfImage: 0x50000 (327680)
3434ac.cf0: Resource Dir: 0x30000 LB 0x3f8
3444ac.cf0: ProductName: Microsoft® Windows® Operating System
3454ac.cf0: ProductVersion: 6.1.7601.19110
3464ac.cf0: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
3474ac.cf0: FileDescription: ApiSet Schema DLL
3484ac.cf0: Found driver tmcomm (0x8)
3494ac.cf0: Found driver tmevtmgr (0x8)
3504ac.cf0: Found driver tmactmon (0x8)
3514ac.cf0: Found driver tmeevw (0x8)
3524ac.cf0: Found driver tmtdi (0x8)
3534ac.cf0: supR3HardenedWinFindAdversaries: 0x8
3544ac.cf0: \SystemRoot\System32\drivers\tmcomm.sys:
3554ac.cf0: CreationTime: 2015-07-28T18:23:04.000000000Z
3564ac.cf0: LastWriteTime: 2015-07-28T19:23:06.000000000Z
3574ac.cf0: ChangeTime: 2016-01-27T18:20:28.623632200Z
3584ac.cf0: FileAttributes: 0x20
3594ac.cf0: Size: 0x4f4d8
3604ac.cf0: NT Headers: 0xe8
3614ac.cf0: Timestamp: 0x55acac52
3624ac.cf0: Machine: 0x8664 - amd64
3634ac.cf0: Timestamp: 0x55acac52
3644ac.cf0: Image Version: 6.0
3654ac.cf0: SizeOfImage: 0x50000 (327680)
3664ac.cf0: Resource Dir: 0x4e000 LB 0x760
3674ac.cf0: ProductName: Trend Micro Eyes
3684ac.cf0: ProductVersion: 6.60
3694ac.cf0: FileVersion: 6.60.0.1041
3704ac.cf0: SpecialBuild: 1041
3714ac.cf0: PrivateBuild: Build 1041 - 7/20/2015
3724ac.cf0: FileDescription: TrendMicro Common Module
3734ac.cf0: \SystemRoot\System32\drivers\tmactmon.sys:
3744ac.cf0: CreationTime: 2015-07-28T18:23:04.000000000Z
3754ac.cf0: LastWriteTime: 2015-07-28T19:23:06.000000000Z
3764ac.cf0: ChangeTime: 2016-01-27T18:20:29.122649800Z
3774ac.cf0: FileAttributes: 0x20
3784ac.cf0: Size: 0x1d228
3794ac.cf0: NT Headers: 0xe0
3804ac.cf0: Timestamp: 0x55b0c073
3814ac.cf0: Machine: 0x8664 - amd64
3824ac.cf0: Timestamp: 0x55b0c073
3834ac.cf0: Image Version: 6.0
3844ac.cf0: SizeOfImage: 0x23000 (143360)
3854ac.cf0: Resource Dir: 0x21000 LB 0x4c8
3864ac.cf0: ProductName: Trend Micro AEGIS
3874ac.cf0: ProductVersion: 2.972
3884ac.cf0: FileVersion: 2.972.0.1152
3894ac.cf0: SpecialBuild: 1152
3904ac.cf0: PrivateBuild: Build 1152 - 7/23/2015
3914ac.cf0: FileDescription: TrendMicro Activity Monitor Module
3924ac.cf0: \SystemRoot\System32\drivers\tmevtmgr.sys:
3934ac.cf0: CreationTime: 2015-07-28T18:23:04.000000000Z
3944ac.cf0: LastWriteTime: 2015-07-28T19:23:06.000000000Z
3954ac.cf0: ChangeTime: 2016-01-27T18:20:28.873141000Z
3964ac.cf0: FileAttributes: 0x20
3974ac.cf0: Size: 0x13768
3984ac.cf0: NT Headers: 0xe0
3994ac.cf0: Timestamp: 0x55b0c06f
4004ac.cf0: Machine: 0x8664 - amd64
4014ac.cf0: Timestamp: 0x55b0c06f
4024ac.cf0: Image Version: 6.0
4034ac.cf0: SizeOfImage: 0x16000 (90112)
4044ac.cf0: Resource Dir: 0x14000 LB 0x4c8
4054ac.cf0: ProductName: Trend Micro AEGIS
4064ac.cf0: ProductVersion: 2.972
4074ac.cf0: FileVersion: 2.972.0.1152
4084ac.cf0: SpecialBuild: 1152
4094ac.cf0: PrivateBuild: Build 1152 - 7/23/2015
4104ac.cf0: FileDescription: TrendMicro Event Management Module
4114ac.cf0: \SystemRoot\System32\drivers\tmtdi.sys:
4124ac.cf0: CreationTime: 2013-06-18T19:09:06.000000000Z
4134ac.cf0: LastWriteTime: 2013-06-18T19:09:06.000000000Z
4144ac.cf0: ChangeTime: 2016-01-27T18:18:51.549114700Z
4154ac.cf0: FileAttributes: 0x20
4164ac.cf0: Size: 0x1aa18
4174ac.cf0: NT Headers: 0xf0
4184ac.cf0: Timestamp: 0x50ed55e5
4194ac.cf0: Machine: 0x8664 - amd64
4204ac.cf0: Timestamp: 0x50ed55e5
4214ac.cf0: Image Version: 6.0
4224ac.cf0: SizeOfImage: 0x1d000 (118784)
4234ac.cf0: Resource Dir: 0x1c000 LB 0x560
4244ac.cf0: ProductName: Trend Micro Network Security Components
4254ac.cf0: ProductVersion: 5.82
4264ac.cf0: FileVersion: 5.82.0.1062
4274ac.cf0: SpecialBuild: 1062
4284ac.cf0: PrivateBuild: Build 1062 - 1/9/2013
4294ac.cf0: FileDescription: Trend Micro TDI Driver (amd64-fre)
4304ac.cf0: \SystemRoot\System32\drivers\tmebc64.sys:
4314ac.cf0: CreationTime: 2015-06-19T22:21:22.000000000Z
4324ac.cf0: LastWriteTime: 2015-06-19T22:21:22.000000000Z
4334ac.cf0: ChangeTime: 2016-01-27T18:30:53.434854300Z
4344ac.cf0: FileAttributes: 0x20
4354ac.cf0: Size: 0xef30
4364ac.cf0: NT Headers: 0xf0
4374ac.cf0: Timestamp: 0x557fd35d
4384ac.cf0: Machine: 0x8664 - amd64
4394ac.cf0: Timestamp: 0x557fd35d
4404ac.cf0: Image Version: 6.0
4414ac.cf0: SizeOfImage: 0xf000 (61440)
4424ac.cf0: Resource Dir: 0xe000 LB 0x6f8
4434ac.cf0: ProductName: Trend Micro Early Boot Clean
4444ac.cf0: ProductVersion: 1.5
4454ac.cf0: FileVersion: 1.5.0.1020
4464ac.cf0: SpecialBuild: 1020
4474ac.cf0: PrivateBuild: Build 1020 - 6/16/2015
4484ac.cf0: FileDescription: Trend Micro early boot driver
4494ac.cf0: \SystemRoot\System32\drivers\tmeevw.sys:
4504ac.cf0: CreationTime: 2015-06-08T18:54:40.000000000Z
4514ac.cf0: LastWriteTime: 2015-06-08T18:54:40.000000000Z
4524ac.cf0: ChangeTime: 2016-01-28T23:05:54.969520100Z
4534ac.cf0: FileAttributes: 0x20
4544ac.cf0: Size: 0x1c760
4554ac.cf0: NT Headers: 0xf0
4564ac.cf0: Timestamp: 0x5487bf1b
4574ac.cf0: Machine: 0x8664 - amd64
4584ac.cf0: Timestamp: 0x5487bf1b
4594ac.cf0: Image Version: 6.1
4604ac.cf0: SizeOfImage: 0x1f000 (126976)
4614ac.cf0: Resource Dir: 0x1a000 LB 0x3488
4624ac.cf0: ProductName: Trend Micro EagleEye
4634ac.cf0: ProductVersion: 2.0
4644ac.cf0: FileVersion: 2.0.0.1017
4654ac.cf0: SpecialBuild: 1017
4664ac.cf0: PrivateBuild: Build 1017 - 12/10/2014
4674ac.cf0: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
4684ac.cf0: Calling main()
4694ac.cf0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4704ac.cf0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4714ac.cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4724ac.cf0: SUPR3HardenedMain: Respawn #2
4734ac.cf0: supR3HardNtEnableThreadCreation:
4744ac.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4754ac.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
4764ac.cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
4774ac.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
4784ac.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4794ac.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4804ac.cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4814ac.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4824ac.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4834ac.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4844ac.cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4854ac.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4864ac.cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
4874ac.cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4884ac.cf0: supR3HardenedDllNotificationCallback: load 000007feff290000 LB 0x000db000 C:\Windows\system32\ADVAPI32.DLL [fFlags=0x0]
4894ac.cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4904ac.cf0: supR3HardenedDllNotificationCallback: load 000007fefd240000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
4914ac.cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4924ac.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
4934ac.cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
4944ac.cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
4954ac.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
4964ac.cf0: supR3HardenedDllNotificationCallback: load 000007feff270000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
4974ac.cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
4984ac.cf0: supR3HardenedDllNotificationCallback: load 000007fefea10000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
4994ac.cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5004ac.cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.DLL'
5014ac.cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
5024ac.cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
5034ac.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5044ac.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5054ac.cf0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5064ac.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5074ac.cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5084ac.cf0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5094ac.cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5104ac.cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5114ac.cf0: supR3HardenedDllNotificationCallback: load 000007fefcb20000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
5124ac.cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5134ac.cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb20000 'C:\Windows\system32\apphelp.dll'
5144ac.cf0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007708b630 pvNtTerminateThread=00000000770adee0
5154ac.cf0: supR3HardenedWinDoReSpawn(2): New child 7e8.d28 [kernel32].
5164ac.cf0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
5174ac.cf0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077060000 uNtDllChildAddr=0000000077060000
5184ac.cf0: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007708b630
5194ac.cf0: supR3HardenedWinSetupChildInit: Start child.
5204ac.cf0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5214ac.cf0: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
5224ac.cf0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5234ac.cf0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
5244ac.cf0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
5254ac.cf0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
5264ac.cf0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
5274ac.cf0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
5284ac.cf0: 0000000000041000-fffffffffff31fff 0x0001/0x0000 0x0000000
5294ac.cf0: *0000000000150000-0000000000053fff 0x0000/0x0004 0x0020000
5304ac.cf0: 000000000024c000-0000000000248fff 0x0104/0x0004 0x0020000
5314ac.cf0: 000000000024f000-000000000024dfff 0x0004/0x0004 0x0020000
5324ac.cf0: 0000000000250000-ffffffff8943ffff 0x0001/0x0000 0x0000000
5334ac.cf0: *0000000077060000-0000000077060fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5344ac.cf0: 0000000077061000-000000007715efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5354ac.cf0: 000000007715f000-000000007718dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5364ac.cf0: 000000007718e000-0000000077195fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5374ac.cf0: 0000000077196000-0000000077196fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5384ac.cf0: 0000000077197000-0000000077199fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5394ac.cf0: 000000007719a000-0000000077208fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5404ac.cf0: 0000000077209000-000000006f431fff 0x0001/0x0000 0x0000000
5414ac.cf0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
5424ac.cf0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5434ac.cf0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5444ac.cf0: 000000007fff0000-ffffffffc04affff 0x0001/0x0000 0x0000000
5454ac.cf0: *000000013fb30000-000000013fb30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5464ac.cf0: 000000013fb31000-000000013fbb6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5474ac.cf0: 000000013fbb7000-000000013fbb7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5484ac.cf0: 000000013fbb8000-000000013fbf5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5494ac.cf0: 000000013fbf6000-000000013fbf6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5504ac.cf0: 000000013fbf7000-000000013fbf7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5514ac.cf0: 000000013fbf8000-000000013fbfcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5524ac.cf0: 000000013fbfd000-000000013fbfdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5534ac.cf0: 000000013fbfe000-000000013fbfefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5544ac.cf0: 000000013fbff000-000000013fc02fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5554ac.cf0: 000000013fc03000-000000013fc3bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5564ac.cf0: 000000013fc3c000-fffff803804f7fff 0x0001/0x0000 0x0000000
5574ac.cf0: *000007feff380000-000007feff380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
5584ac.cf0: 000007feff381000-000007fdfe751fff 0x0001/0x0000 0x0000000
5594ac.cf0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
5604ac.cf0: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
5614ac.cf0: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
5624ac.cf0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
5634ac.cf0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
5644ac.cf0: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
5654ac.cf0: VirtualBox.exe: timestamp 0x569e8b46 (rc=VINF_SUCCESS)
5664ac.cf0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5674ac.cf0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
5684ac.cf0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
5694ac.cf0: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
5704ac.cf0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000270000 LB 0x400000)
5714ac.cf0: supR3HardNtEnableThreadCreation:
5727e8.d28: Log file opened: 4.3.36r105129 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
5737e8.d28: supR3HardenedVmProcessInit: uNtDllAddr=0000000077060000
5747e8.d28: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
5757e8.d28: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
5767e8.d28: System32: \Device\HarddiskVolume2\Windows\System32
5777e8.d28: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
5787e8.d28: KnownDllPath: C:\Windows\system32
5797e8.d28: supR3HardenedVmProcessInit: Opening vboxdrv...
5807e8.d28: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5817e8.d28: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5827e8.d28: Registered Dll notification callback with NTDLL.
5837e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
5847e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
5857e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5867e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5877e8.d28: supR3HardenedDllNotificationCallback: load 0000000076f40000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
5887e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5897e8.d28: supR3HardenedDllNotificationCallback: load 000007fefcfd0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
5907e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
5917e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
5927e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\Windows\system32\kernel32.dll'
5937e8.d28: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007708b630 pvNtTerminateThread=00000000770adee0
5944ac.cf0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 32 ms.
5957e8.d28: \SystemRoot\System32\ntdll.dll:
5967e8.d28: CreationTime: 2016-01-28T21:50:30.278597000Z
5977e8.d28: LastWriteTime: 2015-12-30T19:05:33.659216000Z
5987e8.d28: ChangeTime: 2016-01-28T22:10:04.520158900Z
5997e8.d28: FileAttributes: 0x20
6007e8.d28: Size: 0x1a67c0
6017e8.d28: NT Headers: 0xe0
6027e8.d28: Timestamp: 0x568429e5
6037e8.d28: Machine: 0x8664 - amd64
6047e8.d28: Timestamp: 0x568429e5
6057e8.d28: Image Version: 6.1
6067e8.d28: SizeOfImage: 0x1a9000 (1740800)
6077e8.d28: Resource Dir: 0x14d000 LB 0x5a028
6087e8.d28: ProductName: Microsoft® Windows® Operating System
6097e8.d28: ProductVersion: 6.1.7601.19110
6107e8.d28: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6117e8.d28: FileDescription: NT Layer DLL
6127e8.d28: \SystemRoot\System32\kernel32.dll:
6137e8.d28: CreationTime: 2016-01-28T21:50:30.184998200Z
6147e8.d28: LastWriteTime: 2015-12-30T18:57:55.730000000Z
6157e8.d28: ChangeTime: 2016-01-28T22:10:06.641840500Z
6167e8.d28: FileAttributes: 0x20
6177e8.d28: Size: 0x11c000
6187e8.d28: NT Headers: 0xe8
6197e8.d28: Timestamp: 0x568429dc
6207e8.d28: Machine: 0x8664 - amd64
6217e8.d28: Timestamp: 0x568429dc
6227e8.d28: Image Version: 6.1
6237e8.d28: SizeOfImage: 0x11f000 (1175552)
6247e8.d28: Resource Dir: 0x116000 LB 0x528
6257e8.d28: ProductName: Microsoft® Windows® Operating System
6267e8.d28: ProductVersion: 6.1.7601.19110
6277e8.d28: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6287e8.d28: FileDescription: Windows NT BASE API Client DLL
6297e8.d28: \SystemRoot\System32\KernelBase.dll:
6307e8.d28: CreationTime: 2016-01-28T21:50:31.292584000Z
6317e8.d28: LastWriteTime: 2015-12-30T18:57:55.761000000Z
6327e8.d28: ChangeTime: 2016-01-28T22:10:06.688642300Z
6337e8.d28: FileAttributes: 0x20
6347e8.d28: Size: 0x67a00
6357e8.d28: NT Headers: 0xe8
6367e8.d28: Timestamp: 0x568429dd
6377e8.d28: Machine: 0x8664 - amd64
6387e8.d28: Timestamp: 0x568429dd
6397e8.d28: Image Version: 6.1
6407e8.d28: SizeOfImage: 0x6c000 (442368)
6417e8.d28: Resource Dir: 0x6a000 LB 0x530
6427e8.d28: ProductName: Microsoft® Windows® Operating System
6437e8.d28: ProductVersion: 6.1.7601.19110
6447e8.d28: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6457e8.d28: FileDescription: Windows NT BASE API Client DLL
6467e8.d28: \SystemRoot\System32\apisetschema.dll:
6477e8.d28: CreationTime: 2016-01-28T21:50:32.244171800Z
6487e8.d28: LastWriteTime: 2015-12-30T18:54:58.839000000Z
6497e8.d28: ChangeTime: 2016-01-28T22:10:04.317351100Z
6507e8.d28: FileAttributes: 0x20
6517e8.d28: Size: 0x1a00
6527e8.d28: NT Headers: 0xc0
6537e8.d28: Timestamp: 0x568428c9
6547e8.d28: Machine: 0x8664 - amd64
6557e8.d28: Timestamp: 0x568428c9
6567e8.d28: Image Version: 6.1
6577e8.d28: SizeOfImage: 0x50000 (327680)
6587e8.d28: Resource Dir: 0x30000 LB 0x3f8
6597e8.d28: ProductName: Microsoft® Windows® Operating System
6607e8.d28: ProductVersion: 6.1.7601.19110
6617e8.d28: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6627e8.d28: FileDescription: ApiSet Schema DLL
6637e8.d28: Found driver tmcomm (0x8)
6647e8.d28: Found driver tmevtmgr (0x8)
6657e8.d28: Found driver tmactmon (0x8)
6667e8.d28: Found driver tmeevw (0x8)
6677e8.d28: Found driver tmtdi (0x8)
6687e8.d28: supR3HardenedWinFindAdversaries: 0x8
6697e8.d28: \SystemRoot\System32\drivers\tmcomm.sys:
6707e8.d28: CreationTime: 2015-07-28T18:23:04.000000000Z
6717e8.d28: LastWriteTime: 2015-07-28T19:23:06.000000000Z
6727e8.d28: ChangeTime: 2016-01-27T18:20:28.623632200Z
6737e8.d28: FileAttributes: 0x20
6747e8.d28: Size: 0x4f4d8
6757e8.d28: NT Headers: 0xe8
6767e8.d28: Timestamp: 0x55acac52
6777e8.d28: Machine: 0x8664 - amd64
6787e8.d28: Timestamp: 0x55acac52
6797e8.d28: Image Version: 6.0
6807e8.d28: SizeOfImage: 0x50000 (327680)
6817e8.d28: Resource Dir: 0x4e000 LB 0x760
6827e8.d28: ProductName: Trend Micro Eyes
6837e8.d28: ProductVersion: 6.60
6847e8.d28: FileVersion: 6.60.0.1041
6857e8.d28: SpecialBuild: 1041
6867e8.d28: PrivateBuild: Build 1041 - 7/20/2015
6877e8.d28: FileDescription: TrendMicro Common Module
6887e8.d28: \SystemRoot\System32\drivers\tmactmon.sys:
6897e8.d28: CreationTime: 2015-07-28T18:23:04.000000000Z
6907e8.d28: LastWriteTime: 2015-07-28T19:23:06.000000000Z
6917e8.d28: ChangeTime: 2016-01-27T18:20:29.122649800Z
6927e8.d28: FileAttributes: 0x20
6937e8.d28: Size: 0x1d228
6947e8.d28: NT Headers: 0xe0
6957e8.d28: Timestamp: 0x55b0c073
6967e8.d28: Machine: 0x8664 - amd64
6977e8.d28: Timestamp: 0x55b0c073
6987e8.d28: Image Version: 6.0
6997e8.d28: SizeOfImage: 0x23000 (143360)
7007e8.d28: Resource Dir: 0x21000 LB 0x4c8
7017e8.d28: ProductName: Trend Micro AEGIS
7027e8.d28: ProductVersion: 2.972
7037e8.d28: FileVersion: 2.972.0.1152
7047e8.d28: SpecialBuild: 1152
7057e8.d28: PrivateBuild: Build 1152 - 7/23/2015
7067e8.d28: FileDescription: TrendMicro Activity Monitor Module
7077e8.d28: \SystemRoot\System32\drivers\tmevtmgr.sys:
7087e8.d28: CreationTime: 2015-07-28T18:23:04.000000000Z
7097e8.d28: LastWriteTime: 2015-07-28T19:23:06.000000000Z
7107e8.d28: ChangeTime: 2016-01-27T18:20:28.873141000Z
7117e8.d28: FileAttributes: 0x20
7127e8.d28: Size: 0x13768
7137e8.d28: NT Headers: 0xe0
7147e8.d28: Timestamp: 0x55b0c06f
7157e8.d28: Machine: 0x8664 - amd64
7167e8.d28: Timestamp: 0x55b0c06f
7177e8.d28: Image Version: 6.0
7187e8.d28: SizeOfImage: 0x16000 (90112)
7197e8.d28: Resource Dir: 0x14000 LB 0x4c8
7207e8.d28: ProductName: Trend Micro AEGIS
7217e8.d28: ProductVersion: 2.972
7227e8.d28: FileVersion: 2.972.0.1152
7237e8.d28: SpecialBuild: 1152
7247e8.d28: PrivateBuild: Build 1152 - 7/23/2015
7257e8.d28: FileDescription: TrendMicro Event Management Module
7267e8.d28: \SystemRoot\System32\drivers\tmtdi.sys:
7277e8.d28: CreationTime: 2013-06-18T19:09:06.000000000Z
7287e8.d28: LastWriteTime: 2013-06-18T19:09:06.000000000Z
7297e8.d28: ChangeTime: 2016-01-27T18:18:51.549114700Z
7307e8.d28: FileAttributes: 0x20
7317e8.d28: Size: 0x1aa18
7327e8.d28: NT Headers: 0xf0
7337e8.d28: Timestamp: 0x50ed55e5
7347e8.d28: Machine: 0x8664 - amd64
7357e8.d28: Timestamp: 0x50ed55e5
7367e8.d28: Image Version: 6.0
7377e8.d28: SizeOfImage: 0x1d000 (118784)
7387e8.d28: Resource Dir: 0x1c000 LB 0x560
7397e8.d28: ProductName: Trend Micro Network Security Components
7407e8.d28: ProductVersion: 5.82
7417e8.d28: FileVersion: 5.82.0.1062
7427e8.d28: SpecialBuild: 1062
7437e8.d28: PrivateBuild: Build 1062 - 1/9/2013
7447e8.d28: FileDescription: Trend Micro TDI Driver (amd64-fre)
7457e8.d28: \SystemRoot\System32\drivers\tmebc64.sys:
7467e8.d28: CreationTime: 2015-06-19T22:21:22.000000000Z
7477e8.d28: LastWriteTime: 2015-06-19T22:21:22.000000000Z
7487e8.d28: ChangeTime: 2016-01-27T18:30:53.434854300Z
7497e8.d28: FileAttributes: 0x20
7507e8.d28: Size: 0xef30
7517e8.d28: NT Headers: 0xf0
7527e8.d28: Timestamp: 0x557fd35d
7537e8.d28: Machine: 0x8664 - amd64
7547e8.d28: Timestamp: 0x557fd35d
7557e8.d28: Image Version: 6.0
7567e8.d28: SizeOfImage: 0xf000 (61440)
7577e8.d28: Resource Dir: 0xe000 LB 0x6f8
7587e8.d28: ProductName: Trend Micro Early Boot Clean
7597e8.d28: ProductVersion: 1.5
7607e8.d28: FileVersion: 1.5.0.1020
7617e8.d28: SpecialBuild: 1020
7627e8.d28: PrivateBuild: Build 1020 - 6/16/2015
7637e8.d28: FileDescription: Trend Micro early boot driver
7647e8.d28: \SystemRoot\System32\drivers\tmeevw.sys:
7657e8.d28: CreationTime: 2015-06-08T18:54:40.000000000Z
7667e8.d28: LastWriteTime: 2015-06-08T18:54:40.000000000Z
7677e8.d28: ChangeTime: 2016-01-28T23:05:54.969520100Z
7687e8.d28: FileAttributes: 0x20
7697e8.d28: Size: 0x1c760
7707e8.d28: NT Headers: 0xf0
7717e8.d28: Timestamp: 0x5487bf1b
7727e8.d28: Machine: 0x8664 - amd64
7737e8.d28: Timestamp: 0x5487bf1b
7747e8.d28: Image Version: 6.1
7757e8.d28: SizeOfImage: 0x1f000 (126976)
7767e8.d28: Resource Dir: 0x1a000 LB 0x3488
7777e8.d28: ProductName: Trend Micro EagleEye
7787e8.d28: ProductVersion: 2.0
7797e8.d28: FileVersion: 2.0.0.1017
7807e8.d28: SpecialBuild: 1017
7817e8.d28: PrivateBuild: Build 1017 - 12/10/2014
7827e8.d28: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
7837e8.d28: Calling main()
7847e8.d28: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7857e8.d28: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7867e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7877e8.d28: SUPR3HardenedMain: Final process, opening VBoxDrv...
7887e8.d28: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
7897e8.d28: supR3HardNtEnableThreadCreation:
7907e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7917e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7927e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d4080:C:\Windows\system32 [calling]
7937e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7947e8.d28: supR3HardenedDllNotificationCallback: load 000007feea450000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
7957e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7967e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7977e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
7987e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7997e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8007e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
8017e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8027e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8037e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8047e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
8057e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
8067e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
8077e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
8087e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
8097e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8107e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8117e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
8127e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8137e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8147e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8157e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
8167e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
8177e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8187e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8197e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8207e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
8217e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
8227e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8237e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8247e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8257e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
8267e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
8277e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8287e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8297e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8307e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8317e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8327e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8337e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d4080:C:\Windows\system32 [calling]
8347e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8357e8.d28: supR3HardenedDllNotificationCallback: load 000007fefceb0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
8367e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8377e8.d28: supR3HardenedDllNotificationCallback: load 000007fefd240000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
8387e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8397e8.d28: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
8407e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8417e8.d28: supR3HardenedDllNotificationCallback: load 000007fefce00000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
8427e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8437e8.d28: supR3HardenedDllNotificationCallback: load 000007fefea10000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
8447e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8457e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefceb0000 'C:\Windows\system32\Wintrust.dll'
8467e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
8477e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
8487e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007193f0:C:\Windows\system32 [calling]
8497e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8507e8.d28: supR3HardenedDllNotificationCallback: load 000007fefc3f0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
8517e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8527e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3f0000 'C:\Windows\system32\bcrypt.dll'
8537e8.d28: bcrypt.dll loaded at 000007fefc3f0000, BCryptOpenAlgorithmProvider at 000007fefc3f2640, preloading providers:
8547e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
8557e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
8567e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
8577e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
8587e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8597e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8607e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8617e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8627e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8637e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8647e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
8657e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
8667e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
8677e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8687e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8697e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8707e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8717e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8727e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8737e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
8747e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8757e8.d28: supR3HardenedDllNotificationCallback: load 000007fefbed0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
8767e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8777e8.d28: supR3HardenedDllNotificationCallback: load 000007feff290000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
8787e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8797e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
8807e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
8817e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
8827e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
8837e8.d28: supR3HardenedDllNotificationCallback: load 000007feff270000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
8847e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8857e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbed0000 'C:\Windows\system32\bcryptprimitives.dll'
8867e8.d28: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000071aad0)
8877e8.d28: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000071d990)
8887e8.d28: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000071dab0)
8897e8.d28: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000071dcc0)
8907e8.d28: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000071dde0)
8917e8.d28: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000071df00)
8927e8.d28: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000071e140)
8937e8.d28: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000071e260)
8947e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
8957e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
8967e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8977e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8987e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8997e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9007e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9017e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9027e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9037e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9047e8.d28: supR3HardenedDllNotificationCallback: load 000007fefcc00000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
9057e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9067e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\CRYPTSP.dll'
9077e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9087e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
9097e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9107e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9117e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9127e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9137e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9147e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9157e8.d28: supR3HardenedDllNotificationCallback: load 000007fefcbb0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
9167e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9177e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbb0000 'C:\Windows\system32\rsaenh.dll'
9187e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9197e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9207e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
9217e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
9227e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
9237e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9247e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9257e8.d28: supR3HardenedDllNotificationCallback: load 000007fefcba0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
9267e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9277e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcba0000 'C:\Windows\system32\CRYPTBASE.dll'
9287e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9297e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9307e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\Windows\system32\kernel32.dll'
9317e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9327e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9337e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefceb0000 'C:\Windows\system32\WINTRUST.DLL'
9347e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9357e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9367e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\CRYPT32.dll'
9377e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9387e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
9397e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
9407e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
9417e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9437e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9457e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9467e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9477e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9487e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9497e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe550000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
9507e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9517e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe550000 'C:\Windows\system32\imagehlp.dll'
9527e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9537e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9547e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\CRYPTSP.dll'
9557e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9567e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
9577e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
9587e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9597e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9607e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
9617e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
9627e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
9637e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
9647e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
9657e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
9667e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
9677e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9687e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
9697e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
9707e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
9717e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9727e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9737e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9747e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
9757e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
9767e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9777e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9787e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
9797e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
9807e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
9817e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9827e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9837e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9847e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9857e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9867e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9877e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9887e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9897e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9907e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9917e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9927e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9937e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9947e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9957e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9967e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
9977e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9987e8.d28: supR3HardenedDllNotificationCallback: load 0000000076e40000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
9997e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10007e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe3d0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
10017e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10027e8.d28: supR3HardenedDllNotificationCallback: load 000007fefd630000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
10037e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
10047e8.d28: supR3HardenedDllNotificationCallback: load 000007fefefc0000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
10057e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
10067e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10077e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
10087e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3d0000 'C:\Windows\system32\gdi32.dll'
10097e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
10107e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
10117e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
10127e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
10137e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
10147e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
10157e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
10167e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10177e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
10187e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
10197e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
10207e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
10217e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
10227e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10237e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10247e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10257e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10267e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10277e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10287e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
10297e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
10307e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
10317e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10327e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10337e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10347e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10357e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10367e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10377e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10387e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10397e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10407e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
10417e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
10427e8.d28: supR3HardenedDllNotificationCallback: load 000007fefd330000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
10437e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
10447e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe900000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
10457e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
10467e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd330000 'C:\Windows\system32\IMM32.DLL'
10477e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e40000 'C:\Windows\system32\USER32.dll'
10487e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
10497e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10507e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
10517e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
10527e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
10537e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10547e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10557e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10567e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10577e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10587e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10597e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10607e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10617e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10627e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
10637e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
10647e8.d28: supR3HardenedDllNotificationCallback: load 000007fefc360000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
10657e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
10667e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc360000 'C:\Windows\system32\ncrypt.dll'
10677e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10687e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
10697e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3f0000 'C:\Windows\system32\bcrypt.dll'
10707e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10717e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
10727e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
10737e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
10747e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
10757e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
10767e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
10777e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10787e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
10797e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
10807e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10817e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10827e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10837e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10847e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10857e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10867e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10877e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10887e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10897e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
10907e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
10917e8.d28: supR3HardenedDllNotificationCallback: load 000007fefce80000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
10927e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
10937e8.d28: supR3HardenedDllNotificationCallback: load 000007fefce10000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
10947e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
10957e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce80000 'C:\Windows\system32\USERENV.dll'
10967e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
10977e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10987e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
10997e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11007e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11017e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
11027e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
11037e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
11047e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11057e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11067e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11077e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11087e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11097e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11107e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11117e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11127e8.d28: supR3HardenedDllNotificationCallback: load 000007fefb980000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
11137e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11147e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb980000 'C:\Windows\system32\GPAPI.dll'
11157e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11167e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-WIN-Service-Management-L1-1-0.dll'
11177e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11187e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11197e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea10000 'C:\Windows\system32\rpcrt4.dll'
11207e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11217e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-WIN-Service-Management-L2-1-0.dll'
11227e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11237e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11247e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11257e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
11267e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
11277e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
11287e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
11297e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
11307e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
11317e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
11327e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11337e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
11347e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
11357e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
11367e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
11377e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11387e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11407e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11417e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11437e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11457e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11467e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11477e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11487e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11497e8.d28: supR3HardenedDllNotificationCallback: load 000007fefca50000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
11507e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11517e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe4e0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
11527e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
11537e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11547e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11557e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11567e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11577e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11587e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11597e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11607e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11617e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11627e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11637e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11647e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11657e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11667e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11677e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11687e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11697e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11707e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11717e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11727e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11737e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11747e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11757e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11767e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11777e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11787e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11797e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11807e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11817e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11827e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11837e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\cryptnet.dll'
11847e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11857e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11867e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
11877e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
11887e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\profapi.dll'
11897e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11907e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11917e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
11927e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
11937e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
11947e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11957e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11967e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11977e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11987e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11997e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12007e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12017e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12027e8.d28: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12037e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
12047e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
12057e8.d28: supR3HardenedDllNotificationCallback: load 000007fefef40000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
12067e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
12077e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef40000 'C:\Windows\system32\SHLWAPI.dll'
12087e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
12097e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009a8f70
12107e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12117e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=99113493CCEA6CE03AD58304FCE46D35B665BC85
12127e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
12137e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12147e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
12157e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-WIN-Service-Management-L1-1-0.dll'
12167e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
12177e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
12187e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12197e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
12207e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
12217e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
12227e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
12237e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
12247e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
12257e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
12267e8.d28: g_pfnWinVerifyTrust=000007fefceb1010
12277e8.d28: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
12287e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
12297e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12307e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12317e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
12327e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
12337e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12347e8.d28: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
12357e8.d28: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
12367e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
12377e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12387e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12397e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
12407e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
12417e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12427e8.d28: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
12437e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
12447e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12457e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12467e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
12477e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
12487e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12497e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
12507e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
12517e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12527e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12537e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
12547e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
12557e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12567e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
12577e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
12587e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12597e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12607e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
12617e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
12627e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12637e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
12647e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
12657e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12667e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12677e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
12687e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
12697e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12707e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
12717e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
12727e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12737e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12747e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
12757e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
12767e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12777e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
12787e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
12797e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12807e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12817e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
12827e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
12837e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12847e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
12857e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
12867e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12877e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12887e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF6214D5B4EE4D004FA11B4426B0E781D4E918A9
12897e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
12907e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12917e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
12927e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
12937e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
12947e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
12957e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
12967e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
12977e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12987e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
12997e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
13007e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13017e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13027e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
13037e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
13047e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13057e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
13067e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
13077e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13087e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13097e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
13107e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
13117e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13127e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
13137e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
13147e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13157e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13167e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
13177e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
13187e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13197e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
13207e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
13217e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13227e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13237e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
13247e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
13257e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13267e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
13277e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
13287e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13297e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13307e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
13317e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
13327e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13337e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
13347e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
13357e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13367e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13377e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
13387e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
13397e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13407e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
13417e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
13427e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13437e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13447e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C369CA0A282E9201E8C3399DEF1010F6DC0676FA
13457e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
13467e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13477e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
13487e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
13497e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
13507e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13517e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13527e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
13537e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
13547e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13557e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
13567e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
13577e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13587e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13597e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
13607e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
13617e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13627e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
13637e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
13647e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13657e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13667e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6964F437558F504725B2BE66A35240231044644F
13677e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3121918~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
13687e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13697e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
13707e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
13717e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
13727e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13737e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13747e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
13757e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
13767e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13777e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
13787e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13797e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13807e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13817e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
13827e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
13837e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13847e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
13857e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
13867e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13877e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13887e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
13897e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
13907e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13917e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
13927e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13937e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
13947e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
13957e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA2C80E31A4EEBFA49ACC284D4C1B701145978CB
13967e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
13977e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13987e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
13997e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
14007e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
14017e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
14027e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
14037e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=345936918DE59E26BE1BF613500ED5E48C26873F
14047e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
14057e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14067e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
14077e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
14087e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
14097e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
14107e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C5B3709F99BA1F5F78D42BD62B72E557388B5AE0
14117e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
14127e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14137e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
14147e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
14157e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c7040:C:\Windows\system32 [calling]
14167e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\crypt32.dll'
14177e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xab4249f350d9b900 C=US, O=Best Buy Co, OU=IS, CN=Best Buy Enterprise Root R01
14187e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
14197e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
14207e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xf71ea2090653c100 CN=Best Buy Enterprise Root 01i001
14217e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
14227e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
14237e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
14247e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
14257e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xa3f2ee08bbb4a800 C=US, ST=MN, L=Richfield, O=Best Buy Co., Inc., OU=IS, CN=Best Buy Root CA
14267e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
14277e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
14287e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
14297e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
14307e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14317e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
14327e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
14337e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
14347e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
14357e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
14367e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
14377e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
14387e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
14397e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
14407e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
14417e8.d28: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Corporation
14427e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
14437e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xa3f2ee08bbb4a800 C=US, ST=MN, L=Richfield, O=Best Buy Co., Inc., OU=IS, CN=Best Buy Root CA
14447e8.d28: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=MN, L=Richfield, O=Best Buy Co., Inc., OU=IS, CN=Best Buy NA Policy CA
14457e8.d28: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Corporation
14467e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x37ae4a00abf8bb00 C=US, ST=Minnesota, L=Richfield, O=Best Buy Inc., CN=Best Buy Enterprise Root 01i002
14477e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xab4249f350d9b900 C=US, O=Best Buy Co, OU=IS, CN=Best Buy Enterprise Root R01
14487e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xf71ea2090653c100 CN=Best Buy Enterprise Root 01i001
14497e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x310a5b66da4eab00 DC=com, DC=bestbuy, DC=na, CN=Best Buy Enterprise Issuing H15 Mobile POC
14507e8.d28: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=Entrust, Inc., OU=www.entrust.net/rpa is incorporated by reference, OU=(c) 2009 Entrust, Inc., CN=Entrust Certification Authority - L1C
14517e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
14527e8.d28: supR3HardenedWinIsDesiredRootCA: Adding 0xa3f2ee08bbb4a800 C=US, ST=MN, L=Richfield, O=Best Buy Co., Inc., OU=IS, CN=Best Buy Root CA
14537e8.d28: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=MN, L=Richfield, O=Best Buy Co., Inc., OU=IS, CN=Best Buy NA Policy CA
14547e8.d28: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=Entrust, Inc., OU=AND ADDITIONAL TERMS GOVERNING USE AND RELIANCE, OU=CPS CONTAINS IMPORTANT LIMITATIONS OF WARRANTIES AND LIABILITY, OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2008 Entrust, Inc., CN=Entrust Certification Authority - L1B
14557e8.d28: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=32
14567e8.d28: SUPR3HardenedMain: Load Runtime...
14577e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14587e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
14597e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
14607e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
14617e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
14627e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
14637e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14647e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14657e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
14667e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14677e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14687e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
14697e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
14707e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
14717e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
14727e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
14737e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14747e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14757e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
14767e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
14777e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
14787e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
14797e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14807e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14817e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14827e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
14837e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14847e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14857e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14867e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
14877e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14887e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14897e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14907e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14917e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
14927e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
14937e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
14947e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
14957e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
14967e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
14977e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
14987e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14997e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
15007e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
15017e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15027e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15037e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15047e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15057e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15067e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
15077e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
15087e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15097e8.d28: supR3HardenedDllNotificationCallback: load 000007fee91d0000 LB 0x00552000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
15107e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15117e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15127e8.d28: supR3HardenedDllNotificationCallback: load 0000000070370000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
15137e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15147e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15157e8.d28: supR3HardenedDllNotificationCallback: load 00000000702d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
15167e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15177e8.d28: supR3HardenedDllNotificationCallback: load 000007fefd2e0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
15187e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15197e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe540000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
15207e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
15217e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15227e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
15237e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15247e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15257e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
15267e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15277e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15287e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
15297e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15307e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15317e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
15327e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15337e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15347e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
15357e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15367e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15377e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
15387e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15397e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15407e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15417e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15427e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15437e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15447e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15457e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15467e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15477e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
15487e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15497e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15507e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15517e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15527e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15537e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15547e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15557e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15567e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15577e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15587e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15597e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15607e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15617e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15627e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15637e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15647e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15657e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d46c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\CCM;C:\HashiCorp\Vagrant\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;;C:\Program Files\Docker Toolbox [calling]
15667e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15677e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15687e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15697e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee91d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15707e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
15717e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003035d30:C:\Windows\system32 [calling]
15727e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefceb0000 'C:\Windows\system32\Wintrust.dll'
15737e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
15747e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003035d30:C:\Windows\system32 [calling]
15757e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\crypt32.dll'
15767e8.d28: SUPR3HardenedMain: Load TrustedMain...
15777e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15787e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
15797e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
15807e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
15817e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
15827e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
15837e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
15847e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
15857e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
15867e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
15877e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
15887e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
15897e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
15907e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
15917e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
15927e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
15937e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
15947e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
15957e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15967e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15977e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
15987e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
15997e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
16007e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
16017e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
16027e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16037e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16047e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16057e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
16067e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
16077e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16087e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16097e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16107e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
16117e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
16127e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
16137e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
16147e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16157e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16167e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
16177e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16187e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
16197e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
16207e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16217e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
16227e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16237e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16247e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16257e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16267e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
16277e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
16287e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
16297e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
16307e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16317e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
16327e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16337e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
16347e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
16357e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
16367e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
16377e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16387e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16407e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
16417e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
16427e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
16437e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
16447e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
16457e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16467e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16477e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16487e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
16497e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16507e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
16517e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
16527e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16537e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16547e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
16557e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
16567e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
16577e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
16587e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
16597e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16607e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16617e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
16627e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
16637e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
16647e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
16657e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
16667e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16677e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16687e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16697e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16707e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16717e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16727e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16737e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16747e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
16757e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
16767e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
16777e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16787e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16797e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
16807e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
16817e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
16827e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
16837e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
16847e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
16857e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
16867e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
16877e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
16887e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
16897e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
16907e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
16917e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
16927e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
16937e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16947e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
16957e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
16967e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16977e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
16987e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
16997e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
17007e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
17017e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
17027e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
17037e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
17047e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
17057e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
17067e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
17077e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
17087e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
17097e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
17107e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17117e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
17127e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17137e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
17147e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17157e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17167e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
17177e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
17187e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17197e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17207e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17217e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17227e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17237e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17247e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17257e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17267e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17277e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17287e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
17297e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
17307e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
17317e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
17327e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
17337e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17347e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17357e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17367e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
17377e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
17387e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
17397e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
17407e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
17417e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17437e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
17457e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
17467e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
17477e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
17487e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
17497e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
17507e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
17517e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17527e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17537e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17547e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
17557e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
17567e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
17577e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
17587e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
17597e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17607e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
17617e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
17627e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
17637e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
17647e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
17657e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
17667e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
17677e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17687e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17697e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17707e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17717e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
17727e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
17737e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17747e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17757e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17767e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17777e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17787e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17797e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17807e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17817e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17827e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17837e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17847e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17857e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17867e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17877e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17887e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
17897e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17907e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17917e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17927e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17937e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17947e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17957e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17967e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17977e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17987e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17997e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18007e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18017e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18027e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18037e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18047e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18057e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18067e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18077e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18087e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18097e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18107e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18117e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18127e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18137e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18147e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18157e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18167e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
18177e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
18187e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
18197e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
18207e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
18217e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
18227e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
18237e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18247e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18257e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
18267e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
18277e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
18287e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
18297e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18307e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18317e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18327e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18337e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18347e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18357e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18367e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18377e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18387e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
18397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
18407e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
18417e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18437e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18457e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18467e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18477e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18487e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18497e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18507e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18517e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18527e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18537e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18547e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18557e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18567e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18577e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18587e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
18597e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
18607e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18617e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18627e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18637e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18647e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18657e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18667e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18677e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18687e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18697e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18707e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18717e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18727e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18737e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18747e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
18757e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18767e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18777e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18787e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18797e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18807e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18817e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18827e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18837e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18847e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18857e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18867e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18877e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18887e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18897e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
18907e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18917e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18927e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18937e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18947e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18957e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18967e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18977e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18987e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18997e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19007e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
19017e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
19027e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
19037e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
19047e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
19057e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
19067e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
19077e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19087e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
19097e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19107e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19117e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
19127e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
19137e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19147e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19157e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19167e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19177e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19187e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19197e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
19207e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19217e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19227e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19237e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19247e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19257e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19267e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19277e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19287e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19297e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19307e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
19317e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19327e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19337e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19347e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19357e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19367e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19377e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19387e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19407e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19417e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19437e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
19447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19457e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19467e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
19477e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
19487e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19497e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
19507e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
19517e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
19527e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
19537e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19547e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19557e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19567e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19577e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
19587e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19597e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
19607e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
19617e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
19627e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
19637e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
19647e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
19657e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
19667e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19677e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
19687e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
19697e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
19707e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
19717e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
19727e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
19737e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
19747e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
19757e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
19767e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19777e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19787e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
19797e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
19807e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
19817e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
19827e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
19837e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
19847e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
19857e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19867e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19877e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
19887e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19897e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
19907e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
19917e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19927e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19937e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19947e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19957e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19967e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19977e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19987e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19997e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20007e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20017e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
20027e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
20037e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
20047e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
20057e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
20067e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
20077e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
20087e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20097e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20107e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
20117e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
20127e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
20137e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20147e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20157e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20167e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20177e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20187e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20197e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20207e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20217e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20227e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20237e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20247e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
20257e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
20267e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
20277e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
20287e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
20297e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
20307e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
20317e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20327e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20337e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
20347e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20357e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
20367e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
20377e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20387e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20407e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20417e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20437e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20457e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20467e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20477e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20487e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20497e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
20507e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
20517e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
20527e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20537e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20547e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20557e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
20567e8.d28: supR3HardenedDllNotificationCallback: load 000007fee8950000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
20577e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
20587e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
20597e8.d28: supR3HardenedDllNotificationCallback: load 000007fee8830000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
20607e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
20617e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
20627e8.d28: supR3HardenedDllNotificationCallback: load 000007fee9c10000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
20637e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
20647e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
20657e8.d28: supR3HardenedDllNotificationCallback: load 000007fee8730000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
20667e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
20677e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
20687e8.d28: supR3HardenedDllNotificationCallback: load 000007feea410000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
20697e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
20707e8.d28: supR3HardenedDllNotificationCallback: load 000007feff090000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
20717e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
20727e8.d28: supR3HardenedDllNotificationCallback: load 000007fefce20000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
20737e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
20747e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe820000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
20757e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20767e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe570000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
20777e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20787e8.d28: supR3HardenedDllNotificationCallback: load 000007fefcef0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
20797e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
20807e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20817e8.d28: supR3HardenedDllNotificationCallback: load 000007fefb480000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
20827e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20837e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20847e8.d28: supR3HardenedDllNotificationCallback: load 000000006fff0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
20857e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20867e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
20877e8.d28: supR3HardenedDllNotificationCallback: load 000000006f680000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
20887e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
20897e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe440000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
20907e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
20917e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20927e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20937e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20947e8.d28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
20957e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
20967e8.d28: supR3HardenedDllNotificationCallback: load 000007fef9220000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
20977e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
20987e8.d28: supR3HardenedDllNotificationCallback: load 000007fefd640000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
20997e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21007e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21017e8.d28: supR3HardenedDllNotificationCallback: load 000007fefa700000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
21027e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21037e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
21047e8.d28: supR3HardenedDllNotificationCallback: load 000007fef8b90000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
21057e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
21067e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
21077e8.d28: supR3HardenedDllNotificationCallback: load 000000006f570000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
21087e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
21097e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
21107e8.d28: supR3HardenedDllNotificationCallback: load 000000006f490000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
21117e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
21127e8.d28: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
21137e8.d28: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
21147e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
21157e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21167e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21177e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21187e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21197e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21207e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21217e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007694c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21227e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd330000 'C:\Windows\system32\imm32.dll'
21237e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8950000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
21247e8.d28: SUPR3HardenedMain: Calling TrustedMain (000007fee8951af0)...
21257e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21267e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21277e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
21287e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a4 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21297e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
21307e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
21317e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
21327e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
21337e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21347e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21357e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
21367e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
21377e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
21387e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21407e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21417e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21437e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21457e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009b4560:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21467e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21477e8.d28: supR3HardenedDllNotificationCallback: load 000007fefb130000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
21487e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21497e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb130000 'C:\Windows\system32\uxtheme.dll'
21507e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21517e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009b4560:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21527e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb130000 'C:\Windows\system32\uxtheme.dll'
21537e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21547e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009b5320:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21557e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb130000 'C:\Windows\system32\uxtheme.dll'
21567e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21577e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009b5320:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21587e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb130000 'C:\Windows\system32\uxtheme.dll'
21597e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
21607e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21617e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb480000 'C:\Windows\system32\dwmapi.dll'
21627e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
21637e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21647e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcba0000 'C:\Windows\system32\CRYPTBASE.dll'
21657e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21667e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21677e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd640000 'C:\Windows\system32\shell32.dll'
21687e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
21697e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21707e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\Windows\system32\kernel32.dll'
21717e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21727e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21737e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb130000 'C:\Windows\system32\uxtheme.dll'
21747e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21757e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21767e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb130000 'C:\Windows\system32\uxtheme.dll'
21777e8.d28: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
21787e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21797e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
21807e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e40000 'C:\Windows\system32\user32.dll'
21817e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21827e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21837e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb130000 'C:\Windows\system32\uxtheme.dll'
21847e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e40000 'C:\Windows\system32\user32.dll'
21857e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\advapi32.dll'
21867e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
21877e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21887e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce80000 'C:\Windows\system32\userenv.dll'
21897e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
21907e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21917e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\Windows\system32\kernel32.dll'
21927e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f8 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
21937e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
21947e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
21957e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
21967e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
21977e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21987e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21997e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
22007e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22017e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22027e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22037e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
22047e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
22057e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
22067e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22077e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22087e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22097e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22107e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22117e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22127e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22137e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22147e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22157e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22167e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22177e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22187e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22197e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22207e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
22217e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007691f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22227e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
22237e8.d28: supR3HardenedDllNotificationCallback: load 000007fefe780000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
22247e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
22257e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe780000 'C:\Windows\system32\CLBCatQ.DLL'
22267e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
22277e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
22287e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000769670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22297e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\CRYPTSP.dll'
22307e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
22317e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
22327e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
22337e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
22347e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
22357e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22367e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
22377e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
22387e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
22397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22407e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22417e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000769670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22427e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
22437e8.d28: supR3HardenedDllNotificationCallback: load 000007fefcb80000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
22447e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
22457e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb80000 'C:\Windows\system32\RpcRtRemote.dll'
22467e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22477e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009b5320:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22487e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\Windows\system32\oleaut32.dll'
22497e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000624 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
22507e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
22517e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
22527e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
22537e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
22547e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22557e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
22567e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
22577e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007698b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22587e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
22597e8.d28: supR3HardenedDllNotificationCallback: load 000007fefcc20000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
22607e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
22617e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\SXS.DLL'
22627e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
22637e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007698b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22647e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
22657e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22667e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000769ee0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22677e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\Windows\system32\OLEAUT32.dll'
22687e8.d28: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
22697e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000769b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22707e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
22717e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3d0000 'C:\Windows\system32\gdi32.dll'
22727e8.ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22737e8.ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22747e8.ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22757e8.ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22767e8.ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
22777e8.ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
22787e8.ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
22797e8.ea0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
22807e8.ea0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
22817e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22827e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22837e8.ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22847e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22857e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22867e8.ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22877e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22887e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22897e8.ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22907e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22917e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22927e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22937e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22947e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22957e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22967e8.ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22977e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22987e8.ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22997e8.ea0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000790050:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23007e8.ea0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
23017e8.ea0: supR3HardenedDllNotificationCallback: load 000007fee8120000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
23027e8.ea0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
23037e8.ea0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8120000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
23047e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e40000 'C:\Windows\system32\user32.dll'
23057e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
23067e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000076a090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23077e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd640000 'C:\Windows\system32\shell32.dll'
23087e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
23097e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23107e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000076a090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23117e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\ole32.dll'
23127e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
23137e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d31c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23147e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd640000 'C:\Windows\system32\shell32.dll'
23157e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
23167e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d31c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23177e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd640000 'C:\Windows\system32\shell32.dll'
23187e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23197e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d31c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23207e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\ole32.dll'
23217e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23227e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d31c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23237e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\Windows\system32\OLEAUT32.dll'
23247e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a08 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23257e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
23267e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
23277e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
23287e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
23297e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23307e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23317e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
23327e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23337e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23347e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
23357e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
23367e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
23377e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23387e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23407e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23417e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23437e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23457e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23467e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23477e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
23487e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
23497e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a10 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23507e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
23517e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
23527e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
23537e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
23547e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23557e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23567e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
23577e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
23587e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23597e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
23607e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
23617e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23627e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23637e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23647e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23657e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23667e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23677e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23687e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23697e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
23707e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23717e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23727e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23737e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23747e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23757e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23767e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009aad80:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23777e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23787e8.d28: supR3HardenedDllNotificationCallback: load 000007fefca40000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
23797e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23807e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23817e8.d28: supR3HardenedDllNotificationCallback: load 000007fefba90000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
23827e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23837e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca40000 'C:\Windows\system32\wbem\wbemprox.dll'
23847e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
23857e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
23867e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
23877e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
23887e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
23897e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23907e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23917e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
23927e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
23937e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
23947e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23957e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23967e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23977e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23987e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009aad80:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23997e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24007e8.d28: supR3HardenedDllNotificationCallback: load 000007fef5810000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
24017e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24027e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5810000 'C:\Windows\system32\wbem\wbemsvc.dll'
24037e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a30 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24047e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
24057e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
24067e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
24077e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
24087e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24097e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24107e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
24117e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
24127e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
24137e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
24147e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
24157e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
24167e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24177e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
24187e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
24197e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a00 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
24207e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
24217e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
24227e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
24237e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
24247e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24257e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24267e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
24277e8.d28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
24287e8.d28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
24297e8.d28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
24307e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24317e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24327e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24337e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24347e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24357e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24367e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24377e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24387e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24397e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24407e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24417e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24427e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24437e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24447e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24457e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24467e8.d28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
24477e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24487e8.d28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24497e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009aad80:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24507e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24517e8.d28: supR3HardenedDllNotificationCallback: load 000007fef59d0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
24527e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24537e8.d28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
24547e8.d28: supR3HardenedDllNotificationCallback: load 000007fefbbb0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
24557e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
24567e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef59d0000 'C:\Windows\system32\wbem\fastprox.dll'
24577e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\Windows\system32\OLEAUT32.dll'
24587e8.d28: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
24597e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
24607e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
24617e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
24627e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
24637e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
24647e8.d28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
24657e8.d28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24667e8.d28: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
24677e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000045d37f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24687e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9220000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
24697e8.d28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
24707e8.d28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d37f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24717e8.d28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\WINMM.dll'
24727e8.15cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24737e8.15cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
24747e8.15cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24757e8.15cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
24767e8.15cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24777e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24787e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24797e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
24807e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
24817e8.15cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
24827e8.15cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24837e8.15cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
24847e8.15cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
24857e8.15cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
24867e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24877e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24887e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24897e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24907e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24917e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24927e8.15cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24937e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24947e8.15cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24957e8.15cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24967e8.15cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24977e8.15cc: supR3HardenedDllNotificationCallback: load 000007fee7eb0000 LB 0x00262000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
24987e8.15cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24997e8.15cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
25007e8.15cc: supR3HardenedDllNotificationCallback: load 000000006f380000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
25017e8.15cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
25027e8.15cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7eb0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
25037e8.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25047e8.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25057e8.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25067e8.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25077e8.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
25087e8.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25097e8.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25107e8.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25117e8.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25127e8.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25137e8.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25147e8.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25157e8.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25167e8.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25177e8.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25187e8.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25197e8.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25207e8.14d4: supR3HardenedDllNotificationCallback: load 000007fee9bf0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
25217e8.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25227e8.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9bf0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
25237e8.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25247e8.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25257e8.1700: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
25267e8.1700: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25277e8.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25287e8.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25297e8.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25307e8.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25317e8.1700: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25327e8.1700: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25337e8.1700: supR3HardenedDllNotificationCallback: load 000007fee9830000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
25347e8.1700: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25357e8.1700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9830000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
25367e8.17f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25377e8.17f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25387e8.17f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25397e8.17f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
25407e8.17f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25417e8.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25427e8.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25437e8.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25447e8.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25457e8.17f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
25467e8.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25477e8.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25487e8.17f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25497e8.17f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25507e8.17f8: supR3HardenedDllNotificationCallback: load 000007fee9820000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
25517e8.17f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25527e8.17f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9820000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
25537e8.1404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25547e8.1404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25557e8.1404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25567e8.1404: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
25577e8.1404: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25587e8.1404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25597e8.1404: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25607e8.1404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25617e8.1404: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25627e8.1404: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
25637e8.1404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25647e8.1404: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25657e8.1404: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25667e8.1404: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25677e8.1404: supR3HardenedDllNotificationCallback: load 000007fee9810000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
25687e8.1404: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25697e8.1404: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9810000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
25707e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
25717e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25727e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd640000 'C:\Windows\system32/Shell32.dll'
25737e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\ole32.dll'
25747e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25757e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
25767e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
25777e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25787e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\profapi.dll'
25797e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25807e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25817e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25827e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
25837e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
25847e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
25857e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
25867e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
25877e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
25887e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
25897e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
25907e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25917e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
25927e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
25937e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c54 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25947e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
25957e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
25967e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
25977e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
25987e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25997e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26007e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
26017e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
26027e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
26037e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
26047e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26057e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26067e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26077e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26087e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26097e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26107e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26117e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26127e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
26137e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26147e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26157e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
26167e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
26177e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26187e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26197e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26207e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
26217e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26227e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
26237e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
26247e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26257e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26267e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26277e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
26287e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
26297e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
26307e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
26317e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
26327e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26337e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26347e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26357e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26367e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26377e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26387e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26397e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26407e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26417e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
26427e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
26437e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c64 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
26447e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
26457e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
26467e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
26477e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
26487e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26497e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26507e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26517e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
26527e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
26537e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
26547e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
26557e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
26567e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
26577e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
26587e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26597e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26607e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
26617e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26627e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26637e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26647e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26657e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26667e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26677e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
26687e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26697e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26707e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26717e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26727e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26737e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26747e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26757e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26767e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26777e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
26787e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
26797e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
26807e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
26817e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
26827e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
26837e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
26847e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26857e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26867e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26877e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
26887e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
26897e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
26907e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26917e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26927e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
26937e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26947e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26957e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26967e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26977e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
26987e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26997e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27007e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27017e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27027e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27037e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27047e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27057e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
27067e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
27077e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
27087e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
27097e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
27107e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27117e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27127e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27137e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27147e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27157e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27167e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27177e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27187e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27197e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
27207e8.15c4: supR3HardenedDllNotificationCallback: load 000007fee75d0000 LB 0x008dc000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
27217e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
27227e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27237e8.15c4: supR3HardenedDllNotificationCallback: load 000007fee9760000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
27247e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27257e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
27267e8.15c4: supR3HardenedDllNotificationCallback: load 000007fee9ca0000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
27277e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
27287e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27297e8.15c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
27307e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
27317e8.15c4: supR3HardenedDllNotificationCallback: load 000007fefb9a0000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
27327e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
27337e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27347e8.15c4: supR3HardenedDllNotificationCallback: load 000007fee97d0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
27357e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27367e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27377e8.15c4: supR3HardenedDllNotificationCallback: load 000007fef9ee0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
27387e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27397e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27407e8.15c4: supR3HardenedDllNotificationCallback: load 000007fef9ec0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
27417e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27427e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee75d0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
27437e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c5c pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
27447e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
27457e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
27467e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
27477e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
27487e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27497e8.15c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
27507e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27517e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27527e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27537e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27547e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27557e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8120000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
27567e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27577e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27587e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27597e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee97d0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
27607e8.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27617e8.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27627e8.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27637e8.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
27647e8.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27657e8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27667e8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27677e8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27687e8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27697e8.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27707e8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27717e8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27727e8.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27737e8.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27747e8.10cc: supR3HardenedDllNotificationCallback: load 000007fee9750000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
27757e8.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27767e8.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9750000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
27777e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27787e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27797e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27807e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ee0000 'C:\Windows\system32/Iphlpapi.dll'
27817e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d9c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
27827e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
27837e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
27847e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
27857e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
27867e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27877e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27887e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
27897e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
27907e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
27917e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
27927e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
27937e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27947e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27957e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
27967e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27977e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27987e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27997e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28007e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28017e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28027e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28037e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
28047e8.15c4: supR3HardenedDllNotificationCallback: load 000007fef9c70000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
28057e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
28067e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c70000 'C:\Windows\system32\dhcpcsvc.DLL'
28077e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28087e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28097e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ee0000 'C:\Windows\system32\IPHLPAPI.DLL'
28107e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db8 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
28117e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
28127e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
28137e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
28147e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
28157e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28167e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28177e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
28187e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
28197e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
28207e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
28217e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28227e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28237e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28247e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28257e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28267e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28277e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28287e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
28297e8.15c4: supR3HardenedDllNotificationCallback: load 000007fef9c50000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
28307e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
28317e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c50000 'C:\Windows\system32\dhcpcsvc6.DLL'
28327e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28337e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28347e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ee0000 'C:\Windows\system32\IPHLPAPI.DLL'
28357e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e20 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
28367e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
28377e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
28387e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
28397e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
28407e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28417e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28427e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
28437e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28447e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28457e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
28467e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
28477e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
28487e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
28497e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
28507e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
28517e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e24 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
28527e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
28537e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
28547e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
28557e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
28567e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28577e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28587e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
28597e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
28607e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
28617e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
28627e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28637e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28647e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28657e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28667e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28677e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28687e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28697e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28707e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28717e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28727e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28737e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28747e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28757e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28767e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28777e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28787e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28797e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28807e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009b5f80:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28817e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
28827e8.15c4: supR3HardenedDllNotificationCallback: load 000007fefa740000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
28837e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
28847e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
28857e8.15c4: supR3HardenedDllNotificationCallback: load 000007fefaae0000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
28867e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
28877e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
28887e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d35b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28897e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa740000 'C:\Windows\System32\dsound.dll'
28907e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa740000 'C:\Windows\System32\dsound.dll'
28917e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e34 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28927e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
28937e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
28947e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
28957e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
28967e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28977e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28987e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
28997e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29007e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
29017e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
29027e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29037e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
29047e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
29057e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
29067e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
29077e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
29087e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
29097e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
29107e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29117e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29127e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
29137e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
29147e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29157e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29167e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
29177e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
29187e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29197e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29207e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29217e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29227e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29237e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29247e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29257e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29267e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29277e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29287e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29297e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29307e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29317e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29327e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29337e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29347e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009b5f80:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29357e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29367e8.15c4: supR3HardenedDllNotificationCallback: load 000007fefad30000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
29377e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29387e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
29397e8.15c4: supR3HardenedDllNotificationCallback: load 000007fefac00000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
29407e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
29417e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
29427e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad30000 'C:\Windows\System32\MMDevApi.dll'
29437e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
29447e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29457e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\ole32.dll'
29467e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29477e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29487e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff090000 'C:\Windows\system32\SETUPAPI.dll'
29497e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
29507e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29517e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef40000 'C:\Windows\system32\SHLWAPI.dll'
29527e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29537e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29547e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad30000 'C:\Windows\system32\MMDEVAPI.DLL'
29557e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\ole32.dll'
29567e8.7c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
29577e8.7c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29587e8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\Windows\system32\CFGMGR32.dll'
29597e8.238: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea0 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29607e8.238: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
29617e8.238: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
29627e8.238: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
29637e8.238: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
29647e8.238: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29657e8.238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29667e8.238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29677e8.238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29687e8.238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
29697e8.238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
29707e8.238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
29717e8.238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
29727e8.238: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
29737e8.238: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29747e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29757e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29767e8.238: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29777e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29787e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29797e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29807e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29817e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29827e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29837e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29847e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29857e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29867e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29877e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29887e8.238: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29897e8.238: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29907e8.238: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29917e8.238: supR3HardenedDllNotificationCallback: load 000007fefa400000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
29927e8.238: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29937e8.238: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa400000 'C:\Windows\system32\AUDIOSES.DLL'
29947e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29957e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29967e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
29977e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29987e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-WIN-Service-Management-L1-1-0.dll'
29997e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30007e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
30017e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea10000 'C:\Windows\system32\RPCRT4.dll'
30027e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30037e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30047e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad30000 'C:\Windows\system32\MMDevAPI.DLL'
30057e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef0 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30067e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
30077e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
30087e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
30097e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
30107e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30117e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30127e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
30137e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
30147e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30157e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
30167e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
30177e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
30187e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
30197e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
30207e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30217e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
30227e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
30237e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef4 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
30247e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
30257e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
30267e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
30277e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
30287e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30297e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
30307e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
30317e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30327e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30337e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30347e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
30357e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
30367e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef8 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
30377e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
30387e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
30397e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
30407e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
30417e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30427e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30437e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
30447e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30457e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30467e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30477e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30487e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30497e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30507e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30517e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30527e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30537e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30547e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30557e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30567e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30577e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30587e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30597e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30607e8.15c4: supR3HardenedDllNotificationCallback: load 000007feee480000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
30617e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30627e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30637e8.15c4: supR3HardenedDllNotificationCallback: load 0000000070ba0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
30647e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30657e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30667e8.15c4: supR3HardenedDllNotificationCallback: load 000007fefaad0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
30677e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30687e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30697e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30707e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30717e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30727e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30737e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3d00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30747e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30757e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30767e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3e20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30777e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30787e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30797e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3e20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30807e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30817e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30827e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3e20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30837e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30847e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30857e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d3fd0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30867e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30877e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30887e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30897e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30907e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Windows\system32\wdmaud.drv'
30917e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f08 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
30927e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
30937e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
30947e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
30957e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
30967e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30977e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30987e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
30997e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
31007e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
31017e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
31027e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
31037e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31047e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31057e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31067e8.15c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31077e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
31087e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
31097e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f28 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
31107e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
31117e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
31127e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
31137e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
31147e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31157e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31167e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31177e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
31187e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
31197e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
31207e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
31217e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31227e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31237e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31247e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31257e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31267e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31277e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31287e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31297e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31307e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31317e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31327e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31337e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31347e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31357e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31367e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31377e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31387e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31397e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31407e8.15c4: supR3HardenedDllNotificationCallback: load 000007feef890000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
31417e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31427e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31437e8.15c4: supR3HardenedDllNotificationCallback: load 000007feef140000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
31447e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31457e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31467e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31477e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31487e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31497e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31507e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31517e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31527e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31537e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31547e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31557e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31567e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31577e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31587e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31597e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31607e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31617e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31627e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31637e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31647e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31657e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31667e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef890000 'C:\Windows\system32\msacm32.drv'
31677e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f00 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
31687e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
31697e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
31707e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
31717e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
31727e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31737e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31747e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
31757e8.15c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
31767e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
31777e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
31787e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31797e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31807e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31817e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31827e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31837e8.15c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31847e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31857e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31867e8.15c4: supR3HardenedDllNotificationCallback: load 000007feef130000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
31877e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31887e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef130000 'C:\Windows\system32\midimap.dll'
31897e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31907e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31917e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef130000 'C:\Windows\system32\midimap.dll'
31927e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31937e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31947e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef130000 'C:\Windows\system32\midimap.dll'
31957e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31967e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31977e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef130000 'C:\Windows\system32\midimap.dll'
31987e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
31997e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32007e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32017e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32027e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\ole32.dll'
32037e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32047e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000045d4060:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32057e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32067e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32077e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32087e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32097e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32107e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32117e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32127e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32137e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa700000 'C:\Windows\system32\winmm.dll'
32147e8.8d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\Windows\system32\OLEAUT32.dll'
32157e8.12b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32167e8.12b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009b5320:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32177e8.12b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa400000 'C:\Windows\System32\audioses.dll'
32187e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
32197e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000769b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32207e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
32217e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\Windows\system32/kernel32.dll'
32227e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.DLL'
32237e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd4 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
32247e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009a8f70
32257e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009a8f70
32267e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82846C7DC170BBD7F68FE9966A8D339A60BCFF16
32277e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
32287e8.15c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32297e8.15c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
32307e8.15c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
32317e8.15c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
32327e8.15c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
32337e8.15c4: supR3HardenedDllNotificationCallback: load 000007fefcb20000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
32347e8.15c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
32357e8.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb20000 'C:\Windows\system32\apphelp.dll'
32364ac.cf0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 17222 ms, the end);
3237d04.f6c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 17855 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy