VirtualBox

Ticket #15133: VBoxHardening.log

File VBoxHardening.log, 404.7 KB (added by ifs, 9 years ago)

hardening file

Line 
12ad4.2910: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
22ad4.2910: \SystemRoot\System32\ntdll.dll:
32ad4.2910: CreationTime: 2016-01-13T05:06:15.071481300Z
42ad4.2910: LastWriteTime: 2015-12-30T19:05:33.659216000Z
52ad4.2910: ChangeTime: 2016-01-14T03:47:38.291208600Z
62ad4.2910: FileAttributes: 0x20
72ad4.2910: Size: 0x1a67c0
82ad4.2910: NT Headers: 0xe0
92ad4.2910: Timestamp: 0x568429e5
102ad4.2910: Machine: 0x8664 - amd64
112ad4.2910: Timestamp: 0x568429e5
122ad4.2910: Image Version: 6.1
132ad4.2910: SizeOfImage: 0x1a9000 (1740800)
142ad4.2910: Resource Dir: 0x14d000 LB 0x5a028
152ad4.2910: ProductName: Microsoft® Windows® Operating System
162ad4.2910: ProductVersion: 6.1.7601.19110
172ad4.2910: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
182ad4.2910: FileDescription: NT Layer DLL
192ad4.2910: \SystemRoot\System32\kernel32.dll:
202ad4.2910: CreationTime: 2016-01-13T05:06:15.327496000Z
212ad4.2910: LastWriteTime: 2015-12-30T18:57:55.730000000Z
222ad4.2910: ChangeTime: 2016-01-14T03:47:38.416008900Z
232ad4.2910: FileAttributes: 0x20
242ad4.2910: Size: 0x11c000
252ad4.2910: NT Headers: 0xe8
262ad4.2910: Timestamp: 0x568429dc
272ad4.2910: Machine: 0x8664 - amd64
282ad4.2910: Timestamp: 0x568429dc
292ad4.2910: Image Version: 6.1
302ad4.2910: SizeOfImage: 0x11f000 (1175552)
312ad4.2910: Resource Dir: 0x116000 LB 0x528
322ad4.2910: ProductName: Microsoft® Windows® Operating System
332ad4.2910: ProductVersion: 6.1.7601.19110
342ad4.2910: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
352ad4.2910: FileDescription: Windows NT BASE API Client DLL
362ad4.2910: \SystemRoot\System32\KernelBase.dll:
372ad4.2910: CreationTime: 2016-01-13T05:06:14.730461800Z
382ad4.2910: LastWriteTime: 2015-12-30T18:57:55.761000000Z
392ad4.2910: ChangeTime: 2016-01-14T03:47:38.416008900Z
402ad4.2910: FileAttributes: 0x20
412ad4.2910: Size: 0x67a00
422ad4.2910: NT Headers: 0xe8
432ad4.2910: Timestamp: 0x568429dd
442ad4.2910: Machine: 0x8664 - amd64
452ad4.2910: Timestamp: 0x568429dd
462ad4.2910: Image Version: 6.1
472ad4.2910: SizeOfImage: 0x6c000 (442368)
482ad4.2910: Resource Dir: 0x6a000 LB 0x530
492ad4.2910: ProductName: Microsoft® Windows® Operating System
502ad4.2910: ProductVersion: 6.1.7601.19110
512ad4.2910: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
522ad4.2910: FileDescription: Windows NT BASE API Client DLL
532ad4.2910: \SystemRoot\System32\apisetschema.dll:
542ad4.2910: CreationTime: 2016-01-13T05:06:14.540450900Z
552ad4.2910: LastWriteTime: 2015-12-30T18:54:58.839000000Z
562ad4.2910: ChangeTime: 2016-01-14T03:47:38.291208600Z
572ad4.2910: FileAttributes: 0x20
582ad4.2910: Size: 0x1a00
592ad4.2910: NT Headers: 0xc0
602ad4.2910: Timestamp: 0x568428c9
612ad4.2910: Machine: 0x8664 - amd64
622ad4.2910: Timestamp: 0x568428c9
632ad4.2910: Image Version: 6.1
642ad4.2910: SizeOfImage: 0x50000 (327680)
652ad4.2910: Resource Dir: 0x30000 LB 0x3f8
662ad4.2910: ProductName: Microsoft® Windows® Operating System
672ad4.2910: ProductVersion: 6.1.7601.19110
682ad4.2910: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
692ad4.2910: FileDescription: ApiSet Schema DLL
702ad4.2910: NtOpenDirectoryObject failed on \Driver: 0xc0000022
712ad4.2910: supR3HardenedWinFindAdversaries: 0x80
722ad4.2910: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
732ad4.2910: CreationTime: 2015-11-06T06:50:12.660752300Z
742ad4.2910: LastWriteTime: 2015-11-06T06:53:14.755687000Z
752ad4.2910: ChangeTime: 2015-11-06T06:53:14.755687000Z
762ad4.2910: FileAttributes: 0x20
772ad4.2910: Size: 0x2eed8
782ad4.2910: NT Headers: 0xe0
792ad4.2910: Timestamp: 0x55b855d9
802ad4.2910: Machine: 0x8664 - amd64
812ad4.2910: Timestamp: 0x55b855d9
822ad4.2910: Image Version: 6.1
832ad4.2910: SizeOfImage: 0x33000 (208896)
842ad4.2910: Resource Dir: 0x31000 LB 0x3b8
852ad4.2910: ProductName: Malwarebytes Anti-Malware
862ad4.2910: ProductVersion: 0.3.0.0
872ad4.2910: FileVersion: 0.3.0.0
882ad4.2910: FileDescription: Malwarebytes Anti-Malware
892ad4.2910: \SystemRoot\System32\drivers\mwac.sys:
902ad4.2910: CreationTime: 2015-11-06T06:49:17.342654200Z
912ad4.2910: LastWriteTime: 2015-10-05T08:50:18.000000000Z
922ad4.2910: ChangeTime: 2016-01-16T08:59:55.454640000Z
932ad4.2910: FileAttributes: 0x20
942ad4.2910: Size: 0xf8d8
952ad4.2910: NT Headers: 0xf8
962ad4.2910: Timestamp: 0x53a0f42a
972ad4.2910: Machine: 0x8664 - amd64
982ad4.2910: Timestamp: 0x53a0f42a
992ad4.2910: Image Version: 6.2
1002ad4.2910: SizeOfImage: 0x12000 (73728)
1012ad4.2910: Resource Dir: 0x10000 LB 0x3e0
1022ad4.2910: ProductName: Malwarebytes Web Access Control
1032ad4.2910: ProductVersion: 1.0.6.0
1042ad4.2910: FileVersion: 1.0.6.0
1052ad4.2910: FileDescription: Malwarebytes Web Access Control
1062ad4.2910: \SystemRoot\System32\drivers\mbamchameleon.sys:
1072ad4.2910: CreationTime: 2015-11-06T06:49:17.342654200Z
1082ad4.2910: LastWriteTime: 2015-10-05T08:50:10.000000000Z
1092ad4.2910: ChangeTime: 2015-11-06T06:52:15.029101200Z
1102ad4.2910: FileAttributes: 0x20
1112ad4.2910: Size: 0x1aad8
1122ad4.2910: NT Headers: 0xd8
1132ad4.2910: Timestamp: 0x55c103c3
1142ad4.2910: Machine: 0x8664 - amd64
1152ad4.2910: Timestamp: 0x55c103c3
1162ad4.2910: Image Version: 6.1
1172ad4.2910: SizeOfImage: 0x1e000 (122880)
1182ad4.2910: Resource Dir: 0x1c000 LB 0xba8
1192ad4.2910: ProductName: Malwarebytes Chameleon
1202ad4.2910: ProductVersion: 1.1.21.0
1212ad4.2910: FileVersion: 1.1.21.0
1222ad4.2910: FileDescription: Malwarebytes Chameleon Protection Driver
1232ad4.2910: \SystemRoot\System32\drivers\mbam.sys:
1242ad4.2910: CreationTime: 2015-11-06T06:49:17.327054200Z
1252ad4.2910: LastWriteTime: 2015-10-05T08:50:06.000000000Z
1262ad4.2910: ChangeTime: 2016-01-16T08:59:55.445639500Z
1272ad4.2910: FileAttributes: 0x20
1282ad4.2910: Size: 0x64d8
1292ad4.2910: NT Headers: 0xd8
1302ad4.2910: Timestamp: 0x55ca3257
1312ad4.2910: Machine: 0x8664 - amd64
1322ad4.2910: Timestamp: 0x55ca3257
1332ad4.2910: Image Version: 6.1
1342ad4.2910: SizeOfImage: 0xa000 (40960)
1352ad4.2910: Resource Dir: 0x8000 LB 0x3a0
1362ad4.2910: ProductName: Malwarebytes Anti-Malware
1372ad4.2910: ProductVersion: 0.1.16.0
1382ad4.2910: FileVersion: 0.1.16.0
1392ad4.2910: FileDescription: Malwarebytes Anti-Malware
1402ad4.2910: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1412ad4.2910: Calling main()
1422ad4.2910: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1432ad4.2910: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1442ad4.2910: SUPR3HardenedMain: Respawn #1
1452ad4.2910: System32: \Device\HarddiskVolume2\Windows\System32
1462ad4.2910: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1472ad4.2910: KnownDllPath: C:\Windows\system32
1482ad4.2910: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1492ad4.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1502ad4.2910: supR3HardNtEnableThreadCreation:
1512ad4.2910: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bdb630 pvNtTerminateThread=0000000077bfdee0
1522ad4.2910: supR3HardenedWinDoReSpawn(1): New child 631c.40ec [kernel32].
1532ad4.2910: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
1542ad4.2910: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077bb0000 uNtDllChildAddr=0000000077bb0000
1552ad4.2910: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077bdb630
1562ad4.2910: supR3HardenedWinSetupChildInit: Start child.
1572ad4.2910: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1582ad4.2910: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 64 sleeps
1592ad4.2910: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1602ad4.2910: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1612ad4.2910: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1622ad4.2910: *0000000000030000-fffffffffff33fff 0x0000/0x0004 0x0020000
1632ad4.2910: 000000000012c000-0000000000128fff 0x0104/0x0004 0x0020000
1642ad4.2910: 000000000012f000-000000000012dfff 0x0004/0x0004 0x0020000
1652ad4.2910: *0000000000130000-000000000012bfff 0x0002/0x0002 0x0040000
1662ad4.2910: 0000000000134000-0000000000127fff 0x0001/0x0000 0x0000000
1672ad4.2910: *0000000000140000-000000000013efff 0x0004/0x0004 0x0020000
1682ad4.2910: 0000000000141000-ffffffff886d1fff 0x0001/0x0000 0x0000000
1692ad4.2910: *0000000077bb0000-0000000077bb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1702ad4.2910: 0000000077bb1000-0000000077caefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1712ad4.2910: 0000000077caf000-0000000077cddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1722ad4.2910: 0000000077cde000-0000000077ce5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1732ad4.2910: 0000000077ce6000-0000000077ce6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1742ad4.2910: 0000000077ce7000-0000000077ce9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1752ad4.2910: 0000000077cea000-0000000077d58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1762ad4.2910: 0000000077d59000-0000000070ad1fff 0x0001/0x0000 0x0000000
1772ad4.2910: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1782ad4.2910: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1792ad4.2910: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1802ad4.2910: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000
1812ad4.2910: *000000013f1f0000-000000013f1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1822ad4.2910: 000000013f1f1000-000000013f277fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1832ad4.2910: 000000013f278000-000000013f278fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1842ad4.2910: 000000013f279000-000000013f2c3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1852ad4.2910: 000000013f2c4000-000000013f2c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1862ad4.2910: 000000013f2c5000-000000013f2c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1872ad4.2910: 000000013f2c6000-000000013f2cafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1882ad4.2910: 000000013f2cb000-000000013f2cbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1892ad4.2910: 000000013f2cc000-000000013f2ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1902ad4.2910: 000000013f2cd000-000000013f2d0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1912ad4.2910: 000000013f2d1000-000000013f31bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1922ad4.2910: 000000013f31c000-fffff8037e767fff 0x0001/0x0000 0x0000000
1932ad4.2910: *000007feffed0000-000007feffed0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1942ad4.2910: 000007feffed1000-000007fdffdf1fff 0x0001/0x0000 0x0000000
1952ad4.2910: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1962ad4.2910: 000007fffffd3000-000007fffffcdfff 0x0001/0x0000 0x0000000
1972ad4.2910: *000007fffffd8000-000007fffffd6fff 0x0004/0x0004 0x0020000
1982ad4.2910: 000007fffffd9000-000007fffffd3fff 0x0001/0x0000 0x0000000
1992ad4.2910: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
2002ad4.2910: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2012ad4.2910: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
2022ad4.2910: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
2032ad4.2910: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2042ad4.2910: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2052ad4.2910: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2062ad4.2910: supR3HardNtChildPurify: Done after 538 ms and 0 fixes (loop #0).
207631c.40ec: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
208631c.40ec: supR3HardenedVmProcessInit: uNtDllAddr=0000000077bb0000
2092ad4.2910: supR3HardNtEnableThreadCreation:
210631c.40ec: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
211631c.40ec: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
212631c.40ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
213631c.40ec: System32: \Device\HarddiskVolume2\Windows\System32
214631c.40ec: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
215631c.40ec: KnownDllPath: C:\Windows\system32
216631c.40ec: supR3HardenedVmProcessInit: Opening vboxdrv stub...
217631c.40ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
218631c.40ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
219631c.40ec: Registered Dll notification callback with NTDLL.
220631c.40ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
221631c.40ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
222631c.40ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
223631c.40ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
224631c.40ec: supR3HardenedDllNotificationCallback: load 0000000077a90000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
225631c.40ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
226631c.40ec: supR3HardenedDllNotificationCallback: load 000007fefdbf0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
227631c.40ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
228631c.40ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
229631c.40ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
230631c.40ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bdb630 pvNtTerminateThread=0000000077bfdee0
231631c.40ec: \SystemRoot\System32\ntdll.dll:
232631c.40ec: CreationTime: 2016-01-13T05:06:15.071481300Z
233631c.40ec: LastWriteTime: 2015-12-30T19:05:33.659216000Z
234631c.40ec: ChangeTime: 2016-01-14T03:47:38.291208600Z
235631c.40ec: FileAttributes: 0x20
236631c.40ec: Size: 0x1a67c0
237631c.40ec: NT Headers: 0xe0
238631c.40ec: Timestamp: 0x568429e5
239631c.40ec: Machine: 0x8664 - amd64
240631c.40ec: Timestamp: 0x568429e5
241631c.40ec: Image Version: 6.1
242631c.40ec: SizeOfImage: 0x1a9000 (1740800)
243631c.40ec: Resource Dir: 0x14d000 LB 0x5a028
244631c.40ec: ProductName: Microsoft® Windows® Operating System
245631c.40ec: ProductVersion: 6.1.7601.19110
246631c.40ec: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
247631c.40ec: FileDescription: NT Layer DLL
248631c.40ec: \SystemRoot\System32\kernel32.dll:
249631c.40ec: CreationTime: 2016-01-13T05:06:15.327496000Z
2502ad4.2910: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 27 ms.
251631c.40ec: LastWriteTime: 2015-12-30T18:57:55.730000000Z
252631c.40ec: ChangeTime: 2016-01-14T03:47:38.416008900Z
253631c.40ec: FileAttributes: 0x20
254631c.40ec: Size: 0x11c000
255631c.40ec: NT Headers: 0xe8
256631c.40ec: Timestamp: 0x568429dc
257631c.40ec: Machine: 0x8664 - amd64
258631c.40ec: Timestamp: 0x568429dc
259631c.40ec: Image Version: 6.1
260631c.40ec: SizeOfImage: 0x11f000 (1175552)
261631c.40ec: Resource Dir: 0x116000 LB 0x528
262631c.40ec: ProductName: Microsoft® Windows® Operating System
263631c.40ec: ProductVersion: 6.1.7601.19110
264631c.40ec: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
265631c.40ec: FileDescription: Windows NT BASE API Client DLL
266631c.40ec: \SystemRoot\System32\KernelBase.dll:
267631c.40ec: CreationTime: 2016-01-13T05:06:14.730461800Z
268631c.40ec: LastWriteTime: 2015-12-30T18:57:55.761000000Z
269631c.40ec: ChangeTime: 2016-01-14T03:47:38.416008900Z
270631c.40ec: FileAttributes: 0x20
271631c.40ec: Size: 0x67a00
272631c.40ec: NT Headers: 0xe8
273631c.40ec: Timestamp: 0x568429dd
274631c.40ec: Machine: 0x8664 - amd64
275631c.40ec: Timestamp: 0x568429dd
276631c.40ec: Image Version: 6.1
277631c.40ec: SizeOfImage: 0x6c000 (442368)
278631c.40ec: Resource Dir: 0x6a000 LB 0x530
279631c.40ec: ProductName: Microsoft® Windows® Operating System
280631c.40ec: ProductVersion: 6.1.7601.19110
281631c.40ec: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
282631c.40ec: FileDescription: Windows NT BASE API Client DLL
283631c.40ec: \SystemRoot\System32\apisetschema.dll:
284631c.40ec: CreationTime: 2016-01-13T05:06:14.540450900Z
285631c.40ec: LastWriteTime: 2015-12-30T18:54:58.839000000Z
286631c.40ec: ChangeTime: 2016-01-14T03:47:38.291208600Z
287631c.40ec: FileAttributes: 0x20
288631c.40ec: Size: 0x1a00
289631c.40ec: NT Headers: 0xc0
290631c.40ec: Timestamp: 0x568428c9
291631c.40ec: Machine: 0x8664 - amd64
292631c.40ec: Timestamp: 0x568428c9
293631c.40ec: Image Version: 6.1
294631c.40ec: SizeOfImage: 0x50000 (327680)
295631c.40ec: Resource Dir: 0x30000 LB 0x3f8
296631c.40ec: ProductName: Microsoft® Windows® Operating System
297631c.40ec: ProductVersion: 6.1.7601.19110
298631c.40ec: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
299631c.40ec: FileDescription: ApiSet Schema DLL
300631c.40ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
301631c.40ec: supR3HardenedWinFindAdversaries: 0x80
302631c.40ec: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
303631c.40ec: CreationTime: 2015-11-06T06:50:12.660752300Z
304631c.40ec: LastWriteTime: 2015-11-06T06:53:14.755687000Z
305631c.40ec: ChangeTime: 2015-11-06T06:53:14.755687000Z
306631c.40ec: FileAttributes: 0x20
307631c.40ec: Size: 0x2eed8
308631c.40ec: NT Headers: 0xe0
309631c.40ec: Timestamp: 0x55b855d9
310631c.40ec: Machine: 0x8664 - amd64
311631c.40ec: Timestamp: 0x55b855d9
312631c.40ec: Image Version: 6.1
313631c.40ec: SizeOfImage: 0x33000 (208896)
314631c.40ec: Resource Dir: 0x31000 LB 0x3b8
315631c.40ec: ProductName: Malwarebytes Anti-Malware
316631c.40ec: ProductVersion: 0.3.0.0
317631c.40ec: FileVersion: 0.3.0.0
318631c.40ec: FileDescription: Malwarebytes Anti-Malware
319631c.40ec: \SystemRoot\System32\drivers\mwac.sys:
320631c.40ec: CreationTime: 2015-11-06T06:49:17.342654200Z
321631c.40ec: LastWriteTime: 2015-10-05T08:50:18.000000000Z
322631c.40ec: ChangeTime: 2016-01-16T08:59:55.454640000Z
323631c.40ec: FileAttributes: 0x20
324631c.40ec: Size: 0xf8d8
325631c.40ec: NT Headers: 0xf8
326631c.40ec: Timestamp: 0x53a0f42a
327631c.40ec: Machine: 0x8664 - amd64
328631c.40ec: Timestamp: 0x53a0f42a
329631c.40ec: Image Version: 6.2
330631c.40ec: SizeOfImage: 0x12000 (73728)
331631c.40ec: Resource Dir: 0x10000 LB 0x3e0
332631c.40ec: ProductName: Malwarebytes Web Access Control
333631c.40ec: ProductVersion: 1.0.6.0
334631c.40ec: FileVersion: 1.0.6.0
335631c.40ec: FileDescription: Malwarebytes Web Access Control
336631c.40ec: \SystemRoot\System32\drivers\mbamchameleon.sys:
337631c.40ec: CreationTime: 2015-11-06T06:49:17.342654200Z
338631c.40ec: LastWriteTime: 2015-10-05T08:50:10.000000000Z
339631c.40ec: ChangeTime: 2015-11-06T06:52:15.029101200Z
340631c.40ec: FileAttributes: 0x20
341631c.40ec: Size: 0x1aad8
342631c.40ec: NT Headers: 0xd8
343631c.40ec: Timestamp: 0x55c103c3
344631c.40ec: Machine: 0x8664 - amd64
345631c.40ec: Timestamp: 0x55c103c3
346631c.40ec: Image Version: 6.1
347631c.40ec: SizeOfImage: 0x1e000 (122880)
348631c.40ec: Resource Dir: 0x1c000 LB 0xba8
349631c.40ec: ProductName: Malwarebytes Chameleon
350631c.40ec: ProductVersion: 1.1.21.0
351631c.40ec: FileVersion: 1.1.21.0
352631c.40ec: FileDescription: Malwarebytes Chameleon Protection Driver
353631c.40ec: \SystemRoot\System32\drivers\mbam.sys:
354631c.40ec: CreationTime: 2015-11-06T06:49:17.327054200Z
355631c.40ec: LastWriteTime: 2015-10-05T08:50:06.000000000Z
356631c.40ec: ChangeTime: 2016-01-16T08:59:55.445639500Z
357631c.40ec: FileAttributes: 0x20
358631c.40ec: Size: 0x64d8
359631c.40ec: NT Headers: 0xd8
360631c.40ec: Timestamp: 0x55ca3257
361631c.40ec: Machine: 0x8664 - amd64
362631c.40ec: Timestamp: 0x55ca3257
363631c.40ec: Image Version: 6.1
364631c.40ec: SizeOfImage: 0xa000 (40960)
365631c.40ec: Resource Dir: 0x8000 LB 0x3a0
366631c.40ec: ProductName: Malwarebytes Anti-Malware
367631c.40ec: ProductVersion: 0.1.16.0
368631c.40ec: FileVersion: 0.1.16.0
369631c.40ec: FileDescription: Malwarebytes Anti-Malware
370631c.40ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
371631c.40ec: Calling main()
372631c.40ec: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
373631c.40ec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
374631c.40ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
375631c.40ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
376631c.40ec: SUPR3HardenedMain: Respawn #2
377631c.40ec: supR3HardNtEnableThreadCreation:
378631c.40ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
379631c.40ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
380631c.40ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
381631c.40ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
382631c.40ec: supR3HardenedDllNotificationCallback: load 000007fefd790000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
383631c.40ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
384631c.40ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd790000 'C:\Windows\system32\apphelp.dll'
385631c.40ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bdb630 pvNtTerminateThread=0000000077bfdee0
386631c.40ec: supR3HardenedWinDoReSpawn(2): New child 3bec.2f14 [kernel32].
387631c.40ec: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
388631c.40ec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077bb0000 uNtDllChildAddr=0000000077bb0000
389631c.40ec: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077bdb630
390631c.40ec: supR3HardenedWinSetupChildInit: Start child.
391631c.40ec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
392631c.40ec: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
393631c.40ec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
394631c.40ec: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
395631c.40ec: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
396631c.40ec: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
397631c.40ec: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
398631c.40ec: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
399631c.40ec: 0000000000041000-ffffffffffef1fff 0x0001/0x0000 0x0000000
400631c.40ec: *0000000000190000-0000000000093fff 0x0000/0x0004 0x0020000
401631c.40ec: 000000000028c000-0000000000288fff 0x0104/0x0004 0x0020000
402631c.40ec: 000000000028f000-000000000028dfff 0x0004/0x0004 0x0020000
403631c.40ec: 0000000000290000-ffffffff8896ffff 0x0001/0x0000 0x0000000
404631c.40ec: *0000000077bb0000-0000000077bb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
405631c.40ec: 0000000077bb1000-0000000077caefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
406631c.40ec: 0000000077caf000-0000000077cddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
407631c.40ec: 0000000077cde000-0000000077ce5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
408631c.40ec: 0000000077ce6000-0000000077ce6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
409631c.40ec: 0000000077ce7000-0000000077ce9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
410631c.40ec: 0000000077cea000-0000000077d58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
411631c.40ec: 0000000077d59000-0000000070ad1fff 0x0001/0x0000 0x0000000
412631c.40ec: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
413631c.40ec: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
414631c.40ec: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
415631c.40ec: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000
416631c.40ec: *000000013f1f0000-000000013f1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
417631c.40ec: 000000013f1f1000-000000013f277fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
418631c.40ec: 000000013f278000-000000013f278fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
419631c.40ec: 000000013f279000-000000013f2c3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
420631c.40ec: 000000013f2c4000-000000013f2c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
421631c.40ec: 000000013f2c5000-000000013f2c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
422631c.40ec: 000000013f2c6000-000000013f2cafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
423631c.40ec: 000000013f2cb000-000000013f2cbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
424631c.40ec: 000000013f2cc000-000000013f2ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
425631c.40ec: 000000013f2cd000-000000013f2d0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
426631c.40ec: 000000013f2d1000-000000013f31bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
427631c.40ec: 000000013f31c000-fffff8037e767fff 0x0001/0x0000 0x0000000
428631c.40ec: *000007feffed0000-000007feffed0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
429631c.40ec: 000007feffed1000-000007fdffdf1fff 0x0001/0x0000 0x0000000
430631c.40ec: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
431631c.40ec: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
432631c.40ec: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
433631c.40ec: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
434631c.40ec: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
435631c.40ec: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
436631c.40ec: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
437631c.40ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
438631c.40ec: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
439631c.40ec: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
440631c.40ec: supR3HardNtChildPurify: Done after 552 ms and 0 fixes (loop #0).
4413bec.2f14: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
4423bec.2f14: supR3HardenedVmProcessInit: uNtDllAddr=0000000077bb0000
443631c.40ec: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
444631c.40ec: supR3HardNtEnableThreadCreation:
4453bec.2f14: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
4463bec.2f14: New simple heap: #1 0000000000290000 LB 0x400000 (for 1740800 allocation)
4473bec.2f14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4483bec.2f14: System32: \Device\HarddiskVolume2\Windows\System32
4493bec.2f14: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
4503bec.2f14: KnownDllPath: C:\Windows\system32
4513bec.2f14: supR3HardenedVmProcessInit: Opening vboxdrv...
4523bec.2f14: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4533bec.2f14: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4543bec.2f14: Registered Dll notification callback with NTDLL.
4553bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
4563bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
4573bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4583bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4593bec.2f14: supR3HardenedDllNotificationCallback: load 0000000077a90000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
4603bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4613bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefdbf0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
4623bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
4633bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
4643bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
4653bec.2f14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bdb630 pvNtTerminateThread=0000000077bfdee0
466631c.40ec: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 50 ms.
4673bec.2f14: \SystemRoot\System32\ntdll.dll:
4683bec.2f14: CreationTime: 2016-01-13T05:06:15.071481300Z
4693bec.2f14: LastWriteTime: 2015-12-30T19:05:33.659216000Z
4703bec.2f14: ChangeTime: 2016-01-14T03:47:38.291208600Z
4713bec.2f14: FileAttributes: 0x20
4723bec.2f14: Size: 0x1a67c0
4733bec.2f14: NT Headers: 0xe0
4743bec.2f14: Timestamp: 0x568429e5
4753bec.2f14: Machine: 0x8664 - amd64
4763bec.2f14: Timestamp: 0x568429e5
4773bec.2f14: Image Version: 6.1
4783bec.2f14: SizeOfImage: 0x1a9000 (1740800)
4793bec.2f14: Resource Dir: 0x14d000 LB 0x5a028
4803bec.2f14: ProductName: Microsoft® Windows® Operating System
4813bec.2f14: ProductVersion: 6.1.7601.19110
4823bec.2f14: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
4833bec.2f14: FileDescription: NT Layer DLL
4843bec.2f14: \SystemRoot\System32\kernel32.dll:
4853bec.2f14: CreationTime: 2016-01-13T05:06:15.327496000Z
4863bec.2f14: LastWriteTime: 2015-12-30T18:57:55.730000000Z
4873bec.2f14: ChangeTime: 2016-01-14T03:47:38.416008900Z
4883bec.2f14: FileAttributes: 0x20
4893bec.2f14: Size: 0x11c000
4903bec.2f14: NT Headers: 0xe8
4913bec.2f14: Timestamp: 0x568429dc
4923bec.2f14: Machine: 0x8664 - amd64
4933bec.2f14: Timestamp: 0x568429dc
4943bec.2f14: Image Version: 6.1
4953bec.2f14: SizeOfImage: 0x11f000 (1175552)
4963bec.2f14: Resource Dir: 0x116000 LB 0x528
4973bec.2f14: ProductName: Microsoft® Windows® Operating System
4983bec.2f14: ProductVersion: 6.1.7601.19110
4993bec.2f14: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
5003bec.2f14: FileDescription: Windows NT BASE API Client DLL
5013bec.2f14: \SystemRoot\System32\KernelBase.dll:
5023bec.2f14: CreationTime: 2016-01-13T05:06:14.730461800Z
5033bec.2f14: LastWriteTime: 2015-12-30T18:57:55.761000000Z
5043bec.2f14: ChangeTime: 2016-01-14T03:47:38.416008900Z
5053bec.2f14: FileAttributes: 0x20
5063bec.2f14: Size: 0x67a00
5073bec.2f14: NT Headers: 0xe8
5083bec.2f14: Timestamp: 0x568429dd
5093bec.2f14: Machine: 0x8664 - amd64
5103bec.2f14: Timestamp: 0x568429dd
5113bec.2f14: Image Version: 6.1
5123bec.2f14: SizeOfImage: 0x6c000 (442368)
5133bec.2f14: Resource Dir: 0x6a000 LB 0x530
5143bec.2f14: ProductName: Microsoft® Windows® Operating System
5153bec.2f14: ProductVersion: 6.1.7601.19110
5163bec.2f14: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
5173bec.2f14: FileDescription: Windows NT BASE API Client DLL
5183bec.2f14: \SystemRoot\System32\apisetschema.dll:
5193bec.2f14: CreationTime: 2016-01-13T05:06:14.540450900Z
5203bec.2f14: LastWriteTime: 2015-12-30T18:54:58.839000000Z
5213bec.2f14: ChangeTime: 2016-01-14T03:47:38.291208600Z
5223bec.2f14: FileAttributes: 0x20
5233bec.2f14: Size: 0x1a00
5243bec.2f14: NT Headers: 0xc0
5253bec.2f14: Timestamp: 0x568428c9
5263bec.2f14: Machine: 0x8664 - amd64
5273bec.2f14: Timestamp: 0x568428c9
5283bec.2f14: Image Version: 6.1
5293bec.2f14: SizeOfImage: 0x50000 (327680)
5303bec.2f14: Resource Dir: 0x30000 LB 0x3f8
5313bec.2f14: ProductName: Microsoft® Windows® Operating System
5323bec.2f14: ProductVersion: 6.1.7601.19110
5333bec.2f14: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
5343bec.2f14: FileDescription: ApiSet Schema DLL
5353bec.2f14: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5363bec.2f14: supR3HardenedWinFindAdversaries: 0x80
5373bec.2f14: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
5383bec.2f14: CreationTime: 2015-11-06T06:50:12.660752300Z
5393bec.2f14: LastWriteTime: 2015-11-06T06:53:14.755687000Z
5403bec.2f14: ChangeTime: 2015-11-06T06:53:14.755687000Z
5413bec.2f14: FileAttributes: 0x20
5423bec.2f14: Size: 0x2eed8
5433bec.2f14: NT Headers: 0xe0
5443bec.2f14: Timestamp: 0x55b855d9
5453bec.2f14: Machine: 0x8664 - amd64
5463bec.2f14: Timestamp: 0x55b855d9
5473bec.2f14: Image Version: 6.1
5483bec.2f14: SizeOfImage: 0x33000 (208896)
5493bec.2f14: Resource Dir: 0x31000 LB 0x3b8
5503bec.2f14: ProductName: Malwarebytes Anti-Malware
5513bec.2f14: ProductVersion: 0.3.0.0
5523bec.2f14: FileVersion: 0.3.0.0
5533bec.2f14: FileDescription: Malwarebytes Anti-Malware
5543bec.2f14: \SystemRoot\System32\drivers\mwac.sys:
5553bec.2f14: CreationTime: 2015-11-06T06:49:17.342654200Z
5563bec.2f14: LastWriteTime: 2015-10-05T08:50:18.000000000Z
5573bec.2f14: ChangeTime: 2016-01-16T08:59:55.454640000Z
5583bec.2f14: FileAttributes: 0x20
5593bec.2f14: Size: 0xf8d8
5603bec.2f14: NT Headers: 0xf8
5613bec.2f14: Timestamp: 0x53a0f42a
5623bec.2f14: Machine: 0x8664 - amd64
5633bec.2f14: Timestamp: 0x53a0f42a
5643bec.2f14: Image Version: 6.2
5653bec.2f14: SizeOfImage: 0x12000 (73728)
5663bec.2f14: Resource Dir: 0x10000 LB 0x3e0
5673bec.2f14: ProductName: Malwarebytes Web Access Control
5683bec.2f14: ProductVersion: 1.0.6.0
5693bec.2f14: FileVersion: 1.0.6.0
5703bec.2f14: FileDescription: Malwarebytes Web Access Control
5713bec.2f14: \SystemRoot\System32\drivers\mbamchameleon.sys:
5723bec.2f14: CreationTime: 2015-11-06T06:49:17.342654200Z
5733bec.2f14: LastWriteTime: 2015-10-05T08:50:10.000000000Z
5743bec.2f14: ChangeTime: 2015-11-06T06:52:15.029101200Z
5753bec.2f14: FileAttributes: 0x20
5763bec.2f14: Size: 0x1aad8
5773bec.2f14: NT Headers: 0xd8
5783bec.2f14: Timestamp: 0x55c103c3
5793bec.2f14: Machine: 0x8664 - amd64
5803bec.2f14: Timestamp: 0x55c103c3
5813bec.2f14: Image Version: 6.1
5823bec.2f14: SizeOfImage: 0x1e000 (122880)
5833bec.2f14: Resource Dir: 0x1c000 LB 0xba8
5843bec.2f14: ProductName: Malwarebytes Chameleon
5853bec.2f14: ProductVersion: 1.1.21.0
5863bec.2f14: FileVersion: 1.1.21.0
5873bec.2f14: FileDescription: Malwarebytes Chameleon Protection Driver
5883bec.2f14: \SystemRoot\System32\drivers\mbam.sys:
5893bec.2f14: CreationTime: 2015-11-06T06:49:17.327054200Z
5903bec.2f14: LastWriteTime: 2015-10-05T08:50:06.000000000Z
5913bec.2f14: ChangeTime: 2016-01-16T08:59:55.445639500Z
5923bec.2f14: FileAttributes: 0x20
5933bec.2f14: Size: 0x64d8
5943bec.2f14: NT Headers: 0xd8
5953bec.2f14: Timestamp: 0x55ca3257
5963bec.2f14: Machine: 0x8664 - amd64
5973bec.2f14: Timestamp: 0x55ca3257
5983bec.2f14: Image Version: 6.1
5993bec.2f14: SizeOfImage: 0xa000 (40960)
6003bec.2f14: Resource Dir: 0x8000 LB 0x3a0
6013bec.2f14: ProductName: Malwarebytes Anti-Malware
6023bec.2f14: ProductVersion: 0.1.16.0
6033bec.2f14: FileVersion: 0.1.16.0
6043bec.2f14: FileDescription: Malwarebytes Anti-Malware
6053bec.2f14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6063bec.2f14: Calling main()
6073bec.2f14: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6083bec.2f14: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6093bec.2f14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6103bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6113bec.2f14: SUPR3HardenedMain: Final process, opening VBoxDrv...
6123bec.2f14: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
6133bec.2f14: supR3HardNtEnableThreadCreation:
6143bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6153bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6163bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4300:C:\Windows\system32 [calling]
6173bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6183bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef98e0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6193bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6203bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6213bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6223bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6233bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6243bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6253bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6263bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6273bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6283bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
6293bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
6303bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
6313bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
6323bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
6333bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6343bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6353bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
6363bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
6373bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6383bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6393bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
6403bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
6413bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6423bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6433bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6443bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
6453bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
6463bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6473bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6483bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6493bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
6503bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
6513bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6523bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6533bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6543bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6553bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6563bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6573bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4300:C:\Windows\system32 [calling]
6583bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6593bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
6603bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6613bec.2f14: supR3HardenedDllNotificationCallback: load 000007feff7f0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
6623bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6633bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd9d0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
6643bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6653bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd950000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
6663bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6673bec.2f14: supR3HardenedDllNotificationCallback: load 000007feff6c0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
6683bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6693bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\Wintrust.dll'
6703bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
6713bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
6723bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008098b0:C:\Windows\system32 [calling]
6733bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6743bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd2e0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
6753bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6763bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\bcrypt.dll'
6773bec.2f14: bcrypt.dll loaded at 000007fefd2e0000, BCryptOpenAlgorithmProvider at 000007fefd2e2640, preloading providers:
6783bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6793bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
6803bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
6813bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
6823bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6833bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6843bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6853bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6863bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6873bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6883bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6893bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6903bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6913bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6923bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6933bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6943bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6953bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6963bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6973bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6983bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6993bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
7003bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7013bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefe0e0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
7023bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7033bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
7043bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
7053bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
7063bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
7073bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefdf20000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
7083bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7093bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\bcryptprimitives.dll'
7103bec.2f14: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000080af90)
7113bec.2f14: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000080de50)
7123bec.2f14: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000080df70)
7133bec.2f14: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000080e180)
7143bec.2f14: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000080e2a0)
7153bec.2f14: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000080e3c0)
7163bec.2f14: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000080e600)
7173bec.2f14: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000080e720)
7183bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
7193bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
7203bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7213bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7223bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7233bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7253bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7263bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7273bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7283bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd190000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
7293bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7303bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CRYPTSP.dll'
7313bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7323bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
7333bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
7343bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7353bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7363bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7373bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7383bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7393bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
7403bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7413bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\Windows\system32\rsaenh.dll'
7423bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7433bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7443bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
7453bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
7463bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
7473bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7483bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7493bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd7f0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
7503bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7513bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\CRYPTBASE.dll'
7523bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7533bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7543bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
7553bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7563bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7573bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\WINTRUST.DLL'
7583bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7593bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7603bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\CRYPT32.dll'
7613bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7623bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
7633bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
7643bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
7653bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
7663bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
7673bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7683bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7693bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7703bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7713bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7723bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7733bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefe0c0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
7743bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7753bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0c0000 'C:\Windows\system32\imagehlp.dll'
7763bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7773bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7783bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CRYPTSP.dll'
7793bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
7803bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
7813bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
7823bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7833bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7843bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
7853bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
7863bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
7873bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
7883bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
7893bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
7903bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
7913bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
7923bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
7933bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
7943bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
7953bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7963bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7973bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7983bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
7993bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
8003bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8013bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
8023bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
8033bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
8043bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
8053bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8063bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8073bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8083bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8093bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8103bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8113bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8123bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8133bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8143bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8153bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8163bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8173bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8183bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8193bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8203bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8213bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8223bec.2f14: supR3HardenedDllNotificationCallback: load 0000000077990000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
8233bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8243bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefe370000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
8253bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8263bec.2f14: supR3HardenedDllNotificationCallback: load 000007feff430000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
8273bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
8283bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefdf70000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
8293bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
8303bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8313bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8323bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe370000 'C:\Windows\system32\gdi32.dll'
8333bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
8343bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
8353bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
8363bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
8373bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
8383bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
8393bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
8403bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8413bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
8423bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
8433bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
8443bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
8453bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
8463bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8473bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8483bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8493bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8503bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8513bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8523bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
8533bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
8543bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8553bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8563bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8573bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8583bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8593bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8603bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8613bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8623bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8633bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8643bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8653bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8663bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefdf40000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
8673bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8683bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefe1c0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
8693bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
8703bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\IMM32.DLL'
8713bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\USER32.dll'
8723bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
8733bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
8743bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
8753bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
8763bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
8773bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8783bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8793bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8803bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8813bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8823bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8833bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8843bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8853bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8863bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8873bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8883bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd310000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
8893bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8903bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\ncrypt.dll'
8913bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8923bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8933bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\bcrypt.dll'
8943bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8953bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
8963bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
8973bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
8983bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
8993bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
9003bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
9013bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9023bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
9033bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
9043bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9053bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9063bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9073bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9083bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9093bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9103bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9113bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9123bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9133bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9143bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
9153bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefdc70000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
9163bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
9173bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd960000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
9183bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9193bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc70000 'C:\Windows\system32\USERENV.dll'
9203bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9213bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9223bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9233bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9243bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9253bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
9263bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
9273bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
9283bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9293bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9303bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9313bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9323bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9333bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9343bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9353bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9363bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefcc10000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
9373bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9383bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc10000 'C:\Windows\system32\GPAPI.dll'
9393bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9403bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
9413bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9423bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9433bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\rpcrt4.dll'
9443bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9453bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-Management-L2-1-0.dll'
9463bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9473bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9483bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9493bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
9503bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
9513bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
9523bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
9533bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9543bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
9553bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
9563bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9573bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
9583bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
9593bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9603bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9613bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9623bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9633bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9643bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9653bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9663bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9673bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9683bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9693bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9703bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9713bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9723bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9733bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefb090000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
9743bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9753bec.2f14: supR3HardenedDllNotificationCallback: load 000007feffb10000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
9763bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
9773bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9783bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9793bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
9803bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9813bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9823bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
9833bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9843bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9853bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
9863bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9873bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9883bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
9893bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9903bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9913bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
9923bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9933bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9943bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
9953bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9963bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
9973bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9983bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
9993bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10003bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
10013bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10023bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
10033bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10043bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
10053bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
10063bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10073bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
10083bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10093bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10103bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
10113bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10123bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd960000 'C:\Windows\system32\profapi.dll'
10133bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
10143bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
10153bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
10163bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
10173bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
10183bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10193bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10203bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10213bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10223bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10233bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10253bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10263bec.2f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10273bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10283bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
10293bec.2f14: supR3HardenedDllNotificationCallback: load 000007feffe40000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
10303bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
10313bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffe40000 'C:\Windows\system32\SHLWAPI.dll'
10323bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10333bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000080aeb0
10343bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
10353bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=99113493CCEA6CE03AD58304FCE46D35B665BC85
10363bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10373bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10383bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10393bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
10403bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10413bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
10423bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10433bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10443bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
10453bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10463bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
10473bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
10483bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
10493bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
10503bec.2f14: g_pfnWinVerifyTrust=000007fefd971010
10513bec.2f14: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10523bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
10533bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
10543bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
10553bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
10563bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
10573bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10583bec.2f14: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
10593bec.2f14: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10603bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
10613bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
10623bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
10633bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
10643bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
10653bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10663bec.2f14: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
10673bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
10683bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
10693bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
10703bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
10713bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
10723bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10733bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
10743bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
10753bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
10763bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
10773bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
10783bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
10793bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10803bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
10813bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
10823bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
10833bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
10843bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
10853bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10863bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10873bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10883bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
10893bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
10903bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
10913bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
10923bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
10933bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10943bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
10953bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
10963bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
10973bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
10983bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
10993bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
11003bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11013bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
11023bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
11033bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11043bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11053bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
11063bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
11073bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11083bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
11093bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
11103bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11113bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11123bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF6214D5B4EE4D004FA11B4426B0E781D4E918A9
11133bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
11143bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11153bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
11163bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
11173bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11183bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11193bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
11203bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
11213bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11223bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
11233bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
11243bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11253bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11263bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
11273bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
11283bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11293bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
11303bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
11313bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11323bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11333bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
11343bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
11353bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11363bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
11373bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
11383bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11393bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11403bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
11413bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
11423bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11433bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
11443bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
11453bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11463bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11473bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
11483bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11493bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11503bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11513bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
11523bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11533bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11543bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
11553bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
11563bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11573bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
11583bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
11593bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11603bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11613bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
11623bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11633bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11643bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11653bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
11663bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11673bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11683bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C369CA0A282E9201E8C3399DEF1010F6DC0676FA
11693bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11703bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11713bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11723bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
11733bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
11743bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11753bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11763bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
11773bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11783bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11793bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11803bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
11813bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11823bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11833bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
11843bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11853bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11863bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11873bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
11883bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11893bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11903bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6964F437558F504725B2BE66A35240231044644F
11913bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3121918~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11923bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11933bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11943bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
11953bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
11963bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
11973bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
11983bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
11993bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
12003bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12013bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
12023bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12033bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
12043bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
12053bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
12063bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
12073bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12083bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
12093bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
12103bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
12113bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
12123bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
12133bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
12143bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12153bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
12163bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12173bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
12183bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
12193bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA2C80E31A4EEBFA49ACC284D4C1B701145978CB
12203bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
12213bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12223bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
12233bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
12243bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
12253bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
12263bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
12273bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=345936918DE59E26BE1BF613500ED5E48C26873F
12283bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
12293bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12303bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
12313bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
12323bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
12333bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
12343bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C5B3709F99BA1F5F78D42BD62B72E557388B5AE0
12353bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
12363bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12373bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
12383bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12393bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000088d820:C:\Windows\system32 [calling]
12403bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\crypt32.dll'
12413bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xfd4d9b684e26d000 CN=Bitdefender Personal CA.Net-Defender, OU=IDS, O=Bitdefender, C=US
12423bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
12433bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
12443bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
12453bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12463bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
12473bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
12483bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
12493bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
12503bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
12513bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
12523bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
12533bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
12543bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
12553bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
12563bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
12573bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
12583bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
12593bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
12603bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
12613bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
12623bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
12633bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
12643bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
12653bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
12663bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
12673bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
12683bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
12693bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
12703bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
12713bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
12723bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
12733bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
12743bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
12753bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
12763bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
12773bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
12783bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
12793bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
12803bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
12813bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
12823bec.2f14: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
12833bec.2f14: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
12843bec.2f14: SUPR3HardenedMain: Load Runtime...
12853bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12863bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12873bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12883bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12893bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12903bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12913bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12923bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12933bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12943bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12953bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12963bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12973bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
12983bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
12993bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
13003bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
13013bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13023bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13033bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
13043bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
13053bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
13063bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13073bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13083bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13093bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13103bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
13113bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13123bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13133bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13143bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
13153bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13163bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13173bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13183bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13193bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
13203bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
13213bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
13223bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
13233bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
13243bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
13253bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
13263bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13273bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
13283bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
13293bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13303bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13313bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13323bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13333bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13343bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13353bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
13363bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13373bec.2f14: supR3HardenedDllNotificationCallback: load 000007fee3780000 LB 0x00562000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
13383bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13393bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13403bec.2f14: supR3HardenedDllNotificationCallback: load 0000000054210000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
13413bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13423bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13433bec.2f14: supR3HardenedDllNotificationCallback: load 00000000543a0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
13443bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13453bec.2f14: supR3HardenedDllNotificationCallback: load 000007feff440000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
13463bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13473bec.2f14: supR3HardenedDllNotificationCallback: load 000007feffb00000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
13483bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
13493bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13503bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
13513bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13523bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13533bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
13543bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13553bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13563bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
13573bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13583bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13593bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
13603bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13613bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13623bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
13633bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13643bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13653bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
13663bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13673bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13683bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13693bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13703bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13713bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13723bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13733bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13743bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13753bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
13763bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13773bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13783bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13793bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13803bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13813bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13823bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13833bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13843bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13853bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13863bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13873bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13883bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13893bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13903bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13913bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13923bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13933bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c4b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
13943bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13953bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13963bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13973bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13983bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
13993bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000088dfe0:C:\Windows\system32 [calling]
14003bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\Wintrust.dll'
14013bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
14023bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000088dfe0:C:\Windows\system32 [calling]
14033bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\crypt32.dll'
14043bec.2f14: SUPR3HardenedMain: Load TrustedMain...
14053bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
14063bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
14073bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
14083bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14093bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
14103bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
14113bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
14123bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
14133bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
14143bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
14153bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
14163bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
14173bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
14183bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
14193bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
14203bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
14213bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14223bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
14233bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
14243bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
14253bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
14263bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
14273bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
14283bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
14293bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14303bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
14313bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14323bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
14333bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
14343bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
14353bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
14363bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
14373bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
14383bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
14393bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
14403bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
14413bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14423bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14433bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
14443bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14453bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
14463bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
14473bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
14483bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
14493bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
14503bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
14513bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
14523bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14533bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
14543bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
14553bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
14563bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
14573bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14583bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14593bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
14603bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
14613bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
14623bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
14633bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
14643bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14653bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14663bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14673bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
14683bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
14693bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
14703bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
14713bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
14723bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14733bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14743bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14753bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
14763bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
14773bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
14783bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
14793bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14803bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14813bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
14823bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
14833bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
14843bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
14853bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
14863bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14873bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14883bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
14893bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14903bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
14913bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
14923bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
14933bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14943bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14953bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14963bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14973bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14983bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
14993bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15003bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15013bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
15023bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
15033bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15043bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
15053bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15063bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
15073bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
15083bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
15093bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
15103bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
15113bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
15123bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
15133bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15143bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
15153bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
15163bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
15173bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
15183bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
15193bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
15203bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
15213bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
15223bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
15233bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
15243bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
15253bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
15263bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
15273bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
15283bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
15293bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
15303bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15313bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
15323bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
15333bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
15343bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15353bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15363bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
15373bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
15383bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15393bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15403bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15413bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15423bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15433bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15443bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15453bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15463bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15473bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15483bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
15493bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
15503bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
15513bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
15523bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
15533bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15543bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15553bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
15563bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
15573bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
15583bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
15593bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
15603bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
15613bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15623bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15633bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15643bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
15653bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
15663bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
15673bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
15683bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
15693bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
15703bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
15713bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15723bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15733bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15743bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
15753bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15763bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
15773bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
15783bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
15793bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
15803bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15813bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15823bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
15833bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
15843bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
15853bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
15863bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
15873bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15883bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15893bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15903bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15913bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
15923bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
15933bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15943bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15953bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15963bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15973bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15983bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15993bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16003bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16013bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16023bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16033bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16043bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16053bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16063bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16073bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16083bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
16093bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16103bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16113bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16123bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16133bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16143bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16153bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16163bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16173bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16183bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16193bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16203bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16213bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16223bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16233bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
16243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16253bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
16263bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16273bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16283bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16293bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16303bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16313bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16323bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16333bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16343bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16353bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16363bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16373bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16383bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
16393bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
16403bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
16413bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
16423bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
16433bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16443bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16453bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
16463bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16473bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
16483bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
16493bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16503bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16513bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16523bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16533bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16543bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
16553bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16563bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16573bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16583bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16593bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16603bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16613bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16623bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16633bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16643bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16653bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16663bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
16673bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16683bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
16693bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
16703bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
16713bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
16723bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16733bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16743bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16753bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16763bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16773bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16783bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16793bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16803bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16813bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16823bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16833bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16843bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16853bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16863bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16873bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16883bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16893bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16903bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16913bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16923bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16933bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16943bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16953bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16963bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16973bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16983bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16993bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17003bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
17013bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17023bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17033bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17043bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17053bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17063bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17073bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17083bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17093bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17103bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17113bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
17123bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
17133bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
17143bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
17153bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
17163bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
17173bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
17183bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17193bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17203bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17213bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17223bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
17233bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
17243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17253bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17263bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17273bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17283bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17293bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17303bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
17313bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17323bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17333bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17343bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17353bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17363bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17373bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17383bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17393bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17403bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17413bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
17423bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17433bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17443bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17453bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17463bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17473bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17483bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17493bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17503bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17513bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17523bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17533bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17543bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17553bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17563bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17573bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
17583bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
17593bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17603bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
17613bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
17623bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
17633bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17643bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17653bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17663bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17673bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17683bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
17693bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17703bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17713bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17723bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
17733bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
17743bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
17753bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
17763bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
17773bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17783bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
17793bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
17803bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
17813bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17823bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17833bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17843bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
17853bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
17863bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17873bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17883bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17893bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
17903bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
17913bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
17923bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
17933bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
17943bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
17953bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
17963bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17973bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17983bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
17993bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18003bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
18013bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18023bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18033bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18043bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18053bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18063bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18073bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18083bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18093bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18103bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18113bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18123bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
18133bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
18143bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
18153bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
18163bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
18173bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
18183bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
18193bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18203bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18213bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
18223bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
18233bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
18243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18253bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18263bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18273bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18283bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18293bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18303bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18313bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18323bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18333bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18343bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18353bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18363bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18373bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18383bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
18393bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
18403bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
18413bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
18423bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18433bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18443bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18453bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18463bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
18473bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18483bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18493bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18503bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18513bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18523bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18533bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18543bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18553bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18563bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18573bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18583bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18593bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18603bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18613bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18623bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18633bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18643bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18653bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
18663bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
18673bec.2f14: supR3HardenedDllNotificationCallback: load 000007fee1040000 LB 0x00abe000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
18683bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
18693bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18703bec.2f14: supR3HardenedDllNotificationCallback: load 000007feebc30000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
18713bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18723bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
18733bec.2f14: supR3HardenedDllNotificationCallback: load 000007feedfa0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
18743bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
18753bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18763bec.2f14: supR3HardenedDllNotificationCallback: load 000007feeade0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
18773bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18783bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18793bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefa4d0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
18803bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18813bec.2f14: supR3HardenedDllNotificationCallback: load 000007feff170000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
18823bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
18833bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefdc90000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
18843bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18853bec.2f14: supR3HardenedDllNotificationCallback: load 000007feff350000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
18863bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18873bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefdd10000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
18883bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18893bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd9b0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
18903bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
18913bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18923bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef9fc0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
18933bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18943bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18953bec.2f14: supR3HardenedDllNotificationCallback: load 00000000522f0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
18963bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18973bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18983bec.2f14: supR3HardenedDllNotificationCallback: load 0000000064cd0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
18993bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
19003bec.2f14: supR3HardenedDllNotificationCallback: load 000007feff620000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
19013bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
19023bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
19033bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19043bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19053bec.2f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
19063bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
19073bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef9410000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
19083bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
19093bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefe3e0000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
19103bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19113bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19123bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefc890000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
19133bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19143bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
19153bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef9090000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
19163bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
19173bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
19183bec.2f14: supR3HardenedDllNotificationCallback: load 0000000052930000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
19193bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
19203bec.2f14: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
19213bec.2f14: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
19223bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
19233bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19253bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19263bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19273bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19283bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19293bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000833db0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19303bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\imm32.dll'
19313bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1040000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
19323bec.2f14: SUPR3HardenedMain: Calling TrustedMain (000007fee10410d0)...
19333bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19343bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19353bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
19363bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19373bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
19383bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
19393bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
19403bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
19413bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19423bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19433bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19443bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
19453bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
19463bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19473bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19483bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19493bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19503bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19513bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19523bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19533bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c69010:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19543bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19553bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefa3c0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
19563bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19573bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19583bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19593bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c69010:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19603bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19613bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19623bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c69dd0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19633bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19643bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19653bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c69dd0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19663bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19673bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19683bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19693bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9fc0000 'C:\Windows\system32\dwmapi.dll'
19703bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
19713bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19723bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\CRYPTBASE.dll'
19733bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19743bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19753bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32\shell32.dll'
19763bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19773bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19783bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
19793bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19803bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19813bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19823bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19833bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19843bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19853bec.2f14: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
19863bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19873bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
19883bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\user32.dll'
19893bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19903bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19913bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19923bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\user32.dll'
19933bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\advapi32.dll'
19943bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19953bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19963bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc70000 'C:\Windows\system32\userenv.dll'
19973bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19983bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19993bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
20003bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20013bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
20023bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
20033bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
20043bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
20053bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20063bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20073bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
20083bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20093bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20103bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20113bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
20123bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
20133bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20143bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20153bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20163bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20173bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20183bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20193bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20203bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20213bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20223bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20233bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20253bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20263bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20273bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20283bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20293bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20303bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20313bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefe2d0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
20323bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20333bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2d0000 'C:\Windows\system32\CLBCatQ.DLL'
20343bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
20353bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
20363bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000833f60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20373bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CRYPTSP.dll'
20383bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20393bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
20403bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
20413bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
20423bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
20433bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20443bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20453bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
20463bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20473bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20483bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20493bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000833f60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20503bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20513bec.2f14: supR3HardenedDllNotificationCallback: load 000007fefd8a0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
20523bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20533bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8a0000 'C:\Windows\system32\RpcRtRemote.dll'
20543bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20553bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20563bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
20573bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
20583bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
20593bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
20603bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
20613bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
20623bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
20633bec.3c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
20643bec.3c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20653bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20663bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20673bec.3c68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20683bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20693bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20703bec.3c68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20713bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20723bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20733bec.3c68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20743bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
20753bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
20763bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
20773bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
20783bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
20793bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
20803bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
20813bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20823bec.3c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20833bec.3c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
20843bec.3c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
20853bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20863bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20873bec.3c68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20883bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20893bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20903bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
20913bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
20923bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000674 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
20933bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
20943bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
20953bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
20963bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
20973bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20983bec.3c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
20993bec.3c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
21003bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21013bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21023bec.3c68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21033bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21043bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21053bec.3c68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21063bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21073bec.3c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21083bec.3c68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000863fc0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21093bec.3c68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
21103bec.3c68: supR3HardenedDllNotificationCallback: load 000007fee0a60000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
21113bec.3c68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
21123bec.3c68: supR3HardenedDllNotificationCallback: load 0000000077d80000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
21133bec.3c68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
21143bec.3c68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
21153bec.3c68: supR3HardenedDllNotificationCallback: load 000007fefc860000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
21163bec.3c68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
21173bec.3c68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0a60000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
21183bec.3c68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21193bec.3c68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c69dd0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21203bec.3c68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\oleaut32.dll'
21213bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000664 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
21223bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
21233bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
21243bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
21253bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
21263bec.3c68: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21273bec.3c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
21283bec.3c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
21293bec.3c68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000834500:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21303bec.3c68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
21313bec.3c68: supR3HardenedDllNotificationCallback: load 000007fefd800000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
21323bec.3c68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
21333bec.3c68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd800000 'C:\Windows\system32\SXS.DLL'
21343bec.3c68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
21353bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21363bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000834980:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21373bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\OLEAUT32.dll'
21383bec.2f14: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
21393bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000507fea0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21403bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
21413bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe370000 'C:\Windows\system32\gdi32.dll'
21423bec.4040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21433bec.4040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21443bec.4040: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
21453bec.4040: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
21463bec.4040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21473bec.4040: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21483bec.4040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21493bec.4040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21503bec.4040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ee40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21513bec.4040: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
21523bec.4040: supR3HardenedDllNotificationCallback: load 000007fef98d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
21533bec.4040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
21543bec.4040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
21553bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\user32.dll'
21563bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21573bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008348f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21583bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32\shell32.dll'
21593bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21603bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21613bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21623bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21633bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21643bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21653bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21663bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21673bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21683bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21693bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21703bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21713bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21723bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21733bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21743bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21753bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21763bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21773bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21783bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21793bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21803bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21813bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21823bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008348f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21833bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21843bec.2f14: supR3HardenedDllNotificationCallback: load 000007fee3d20000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
21853bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21863bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21873bec.2f14: supR3HardenedDllNotificationCallback: load 0000000050550000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
21883bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21893bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3d20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
21903bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
21913bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21923bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008348f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21933bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
21943bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21953bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000834590:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21963bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
21973bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21983bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000834590:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21993bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\OLEAUT32.dll'
22003bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
22013bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
22023bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
22033bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
22043bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
22053bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22063bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22073bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
22083bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22093bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22103bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
22113bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
22123bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
22133bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
22143bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22153bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22163bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22173bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22183bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22193bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22203bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22213bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22223bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22233bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22253bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22263bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
22273bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
22283bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
22293bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
22303bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22313bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22323bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
22333bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
22343bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22353bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
22363bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
22373bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22383bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22393bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22403bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22413bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22423bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22433bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22443bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22453bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
22463bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22473bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22483bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22493bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22503bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22513bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22523bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005130380:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22533bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
22543bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef5010000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
22553bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
22563bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22573bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef53b0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
22583bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22593bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5010000 'C:\Windows\system32\wbem\wbemprox.dll'
22603bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22613bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
22623bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
22633bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
22643bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
22653bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22663bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22673bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
22683bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
22693bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22703bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22713bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22723bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22733bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22743bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005130380:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22753bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22763bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef4c00000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
22773bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22783bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4c00000 'C:\Windows\system32\wbem\wbemsvc.dll'
22793bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22803bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
22813bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
22823bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
22833bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
22843bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22853bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22863bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
22873bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
22883bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
22893bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
22903bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
22913bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
22923bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22933bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
22943bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
22953bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000acc pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22963bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
22973bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
22983bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
22993bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
23003bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23013bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23023bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
23033bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
23043bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
23053bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
23063bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23073bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23083bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23093bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23103bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23113bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23123bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
23133bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
23143bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23153bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23163bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23173bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23183bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23193bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23203bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23213bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23223bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
23233bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23243bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23253bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005130380:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23263bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
23273bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef5090000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
23283bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
23293bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
23303bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef5060000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
23313bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
23323bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5090000 'C:\Windows\system32\wbem\fastprox.dll'
23333bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\OLEAUT32.dll'
23343bec.3020: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
23353bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
23363bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
23373bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
23383bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
23393bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
23403bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
23413bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
23423bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
23433bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
23443bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
23453bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
23463bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
23473bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
23483bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
23493bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
23503bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
23513bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
23523bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
23533bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
23543bec.3020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
23553bec.3020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
23563bec.3020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
23573bec.3020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
23583bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
23593bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
23603bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
23613bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
23623bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
23633bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23643bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
23653bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23663bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
23673bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23683bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23693bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
23703bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
23713bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
23723bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
23733bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
23743bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23753bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23763bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb0 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23773bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
23783bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
23793bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
23803bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
23813bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23823bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23833bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
23843bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
23853bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
23863bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23873bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23883bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23893bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23903bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
23913bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23923bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23933bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23943bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23953bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23963bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23973bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23983bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23993bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24003bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24013bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24023bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24033bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
24043bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24053bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24063bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
24073bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
24083bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'kdcom.dll'.
24093bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'clfs.sys'.
24103bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ci.dll'.
24113bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe) WinVerifyTrust
24123bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24133bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24143bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24153bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24163bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
24173bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
24183bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24193bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
24203bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
24213bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys) WinVerifyTrust
24223bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
24233bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
24243bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
24253bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24263bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
24273bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
24283bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys) WinVerifyTrust
24293bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
24303bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24313bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24323bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24333bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24343bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24353bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24363bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
24373bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
24383bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
24393bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
24403bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
24413bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
24423bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
24433bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
24443bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24453bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
24463bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
24473bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll) WinVerifyTrust
24483bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
24493bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24503bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24513bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24523bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
24533bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
24543bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24553bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys) WinVerifyTrust
24563bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
24573bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
24583bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
24593bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
24603bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24613bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24623bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24633bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
24643bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
24653bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24663bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll) WinVerifyTrust
24673bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
24683bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
24693bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume2\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
24703bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24713bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clfs.sys) WinVerifyTrust
24723bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clfs.sys
24733bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
24743bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
24753bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24763bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
24773bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll) WinVerifyTrust
24783bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
24793bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
24803bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
24813bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
24823bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
24833bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
24843bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24853bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
24863bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL) WinVerifyTrust
24873bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
24883bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24893bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24903bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
24913bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
24923bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be0 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
24933bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
24943bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
24953bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
24963bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
24973bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24983bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24993bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25003bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25013bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
25023bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25033bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25043bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25053bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25063bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25073bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25083bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25093bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25103bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25113bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25123bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25133bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25143bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25153bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
25163bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
25173bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
25183bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25193bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25203bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
25213bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
25223bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
25233bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
25243bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25253bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25263bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
25273bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25283bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25293bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
25303bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25313bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25323bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25333bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25343bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
25353bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
25363bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
25373bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
25383bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
25393bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll
25403bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25413bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25423bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c6ae50:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25433bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
25443bec.3020: supR3HardenedDllNotificationCallback: load 000007fef4ee0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
25453bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
25463bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25473bec.3020: supR3HardenedDllNotificationCallback: load 000007fefc9b0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
25483bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25493bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25503bec.3020: supR3HardenedDllNotificationCallback: load 000007fefc9a0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
25513bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25523bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4ee0000 'C:\Windows\system32\netcfgx.dll'
25533bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25543bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25553bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff170000 'C:\Windows\system32\SETUPAPI.dll'
25563bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25573bec.3020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
25583bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
25593bec.3020: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
25603bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
25613bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bac pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
25623bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
25633bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
25643bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
25653bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
25663bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25673bec.3020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
25683bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
25693bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25703bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25713bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25723bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\WINTRUST.dll'
25733bec.571c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25743bec.571c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25753bec.571c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25763bec.571c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25773bec.571c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
25783bec.571c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25793bec.571c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25803bec.571c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25813bec.571c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25823bec.571c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25833bec.571c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25843bec.571c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25853bec.571c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25863bec.571c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25873bec.571c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25883bec.571c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25893bec.571c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25903bec.571c: supR3HardenedDllNotificationCallback: load 000007fef4900000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
25913bec.571c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25923bec.571c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4900000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
25933bec.2f3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25943bec.2f3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25953bec.2f3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25963bec.2f3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
25973bec.2f3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25983bec.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25993bec.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26003bec.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26013bec.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26023bec.2f3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
26033bec.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26043bec.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26053bec.2f3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26063bec.2f3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26073bec.2f3c: supR3HardenedDllNotificationCallback: load 000007fef94f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
26083bec.2f3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26093bec.2f3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
26103bec.37f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26113bec.37f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26123bec.37f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26133bec.37f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
26143bec.37f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26153bec.37f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26163bec.37f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26173bec.37f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26183bec.37f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26193bec.37f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
26203bec.37f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26213bec.37f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26223bec.37f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26233bec.37f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26243bec.37f8: supR3HardenedDllNotificationCallback: load 000007fef4810000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
26253bec.37f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26263bec.37f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4810000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
26273bec.5c14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26283bec.5c14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26293bec.5c14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26303bec.5c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
26313bec.5c14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26323bec.5c14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26333bec.5c14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26343bec.5c14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26353bec.5c14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26363bec.5c14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26373bec.5c14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26383bec.5c14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26393bec.5c14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26403bec.5c14: supR3HardenedDllNotificationCallback: load 000007fef4840000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
26413bec.5c14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26423bec.5c14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4840000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
26433bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26443bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26453bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26463bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32/Shell32.dll'
26473bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
26483bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26493bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
26503bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
26513bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26523bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd960000 'C:\Windows\system32\profapi.dll'
26533bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26543bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26553bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3d20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26563bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26573bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26583bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26593bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26603bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26613bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
26623bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26633bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26643bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26653bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26663bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26673bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26683bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26693bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26703bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26713bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26723bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26733bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26743bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26753bec.3020: supR3HardenedDllNotificationCallback: load 000007feedf20000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
26763bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26773bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf20000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
26783bec.3020: supR3HardenedDllNotificationCallback: Unload 000007feedf20000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
26793bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26803bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26813bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26823bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
26833bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
26843bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
26853bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
26863bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
26873bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
26883bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
26893bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
26903bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
26913bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
26923bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
26933bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26943bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26953bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26963bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26973bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26983bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26993bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27003bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27013bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27023bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27033bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27043bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
27053bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
27063bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27073bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27083bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27093bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
27103bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27113bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
27123bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
27133bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27143bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27153bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27163bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
27173bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
27183bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
27193bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
27203bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27213bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27223bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27233bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27243bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27253bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27263bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27273bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27283bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
27293bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27303bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27313bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
27323bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
27333bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d60 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
27343bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
27353bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
27363bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
27373bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
27383bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27393bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27403bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
27413bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27423bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
27433bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
27443bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
27453bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
27463bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
27473bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
27483bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27493bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27503bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27513bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27523bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27533bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27543bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27553bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27563bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27573bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27583bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27593bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27603bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27613bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27623bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27633bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27643bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27653bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27663bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27673bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
27683bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
27693bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
27703bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
27713bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
27723bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27733bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27743bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27753bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27763bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27773bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27783bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27793bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27803bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27813bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
27823bec.3020: supR3HardenedDllNotificationCallback: load 000007fee0170000 LB 0x008e5000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
27833bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
27843bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27853bec.3020: supR3HardenedDllNotificationCallback: load 000007feed720000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
27863bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27873bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
27883bec.3020: supR3HardenedDllNotificationCallback: load 000007feeb820000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
27893bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
27903bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27913bec.3020: supR3HardenedDllNotificationCallback: load 000007feedf20000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
27923bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27933bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0170000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
27943bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27953bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27963bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27973bec.3020: supR3HardenedDllNotificationCallback: load 000007feea8a0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
27983bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27993bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea8a0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
28003bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
28013bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28023bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
28033bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0a60000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
28043bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28053bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28063bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28073bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf20000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
28083bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28093bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28103bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
28113bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28123bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28133bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28143bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28153bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28163bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28173bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28183bec.3020: supR3HardenedDllNotificationCallback: load 000007feedf80000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
28193bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28203bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf80000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
28213bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28223bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28233bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
28243bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28253bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28263bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28273bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28283bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28293bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28303bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28313bec.3020: supR3HardenedDllNotificationCallback: load 000007feedf00000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
28323bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28333bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf00000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
28343bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28353bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28363bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
28373bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28383bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28393bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28403bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28413bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28423bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28433bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28443bec.3020: supR3HardenedDllNotificationCallback: load 000007feed700000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
28453bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28463bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed700000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
28473bec.1030: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28483bec.1030: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28493bec.1030: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28503bec.1030: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
28513bec.1030: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28523bec.1030: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28533bec.1030: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28543bec.1030: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28553bec.1030: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28563bec.1030: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28573bec.1030: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28583bec.1030: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28593bec.1030: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28603bec.1030: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28613bec.1030: supR3HardenedDllNotificationCallback: load 000007fef1c10000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
28623bec.1030: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28633bec.1030: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1c10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
28643bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df4 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
28653bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
28663bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
28673bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
28683bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
28693bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28703bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28713bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
28723bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28733bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28743bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
28753bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
28763bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
28773bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
28783bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
28793bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
28803bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df8 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
28813bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
28823bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
28833bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
28843bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
28853bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28863bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28873bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
28883bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
28893bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
28903bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
28913bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28923bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28933bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28943bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28953bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28963bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
28973bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28983bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28993bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29003bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29013bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29023bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29033bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29043bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29053bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29063bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29073bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29083bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29093bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29103bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517eb70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29113bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29123bec.3020: supR3HardenedDllNotificationCallback: load 000007feec250000 LB 0x00088000 C:\Windows\system32\dsound.dll [fFlags=0x0]
29133bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29143bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
29153bec.3020: supR3HardenedDllNotificationCallback: load 000007fefb0f0000 LB 0x0002c000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0]
29163bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
29173bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29183bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29193bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec250000 'C:\Windows\system32\dsound.dll'
29203bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec250000 'C:\Windows\system32/dsound.dll'
29213bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e1c pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29223bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
29233bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
29243bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
29253bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
29263bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29273bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29283bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29293bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29303bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
29313bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
29323bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29333bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
29343bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
29353bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e00 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
29363bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
29373bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
29383bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
29393bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
29403bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29413bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29423bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
29433bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
29443bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29453bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29463bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
29473bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
29483bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29493bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29503bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29513bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29523bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29533bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29543bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29553bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29563bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29573bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29583bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29593bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29603bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29613bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29623bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29633bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29643bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c6a4b0:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29653bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29663bec.3020: supR3HardenedDllNotificationCallback: load 000007fefa630000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
29673bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29683bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
29693bec.3020: supR3HardenedDllNotificationCallback: load 000007fefa500000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
29703bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
29713bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
29723bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa630000 'C:\Windows\System32\MMDevApi.dll'
29733bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
29743bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29753bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517f110:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29763bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff170000 'C:\Windows\system32\SETUPAPI.dll'
29773bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
29783bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29793bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffe40000 'C:\Windows\system32\SHLWAPI.dll'
29803bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29813bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29823bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa630000 'C:\Windows\system32\MMDEVAPI.DLL'
29833bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
29843bec.5aa8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
29853bec.5aa8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29863bec.5aa8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\CFGMGR32.dll'
29873bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29883bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29893bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
29903bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29913bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
29923bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29933bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
29943bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\RPCRT4.dll'
29953bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29963bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29973bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa630000 'C:\Windows\system32\MMDevAPI.DLL'
29983bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e40 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29993bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
30003bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
30013bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
30023bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
30033bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30043bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30053bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
30063bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
30073bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30083bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
30093bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
30103bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
30113bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
30123bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
30133bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30143bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
30153bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
30163bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e44 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
30173bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
30183bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
30193bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
30203bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
30213bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30223bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
30233bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
30243bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30253bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30263bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30273bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
30283bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
30293bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e60 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
30303bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
30313bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
30323bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
30333bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
30343bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30353bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30363bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
30373bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30383bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30393bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30403bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30413bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30423bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30433bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30443bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30453bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30463bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30473bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30483bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30493bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30503bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30513bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30523bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30533bec.3020: supR3HardenedDllNotificationCallback: load 000007feead80000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
30543bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30553bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30563bec.3020: supR3HardenedDllNotificationCallback: load 00000000741c0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
30573bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30583bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30593bec.3020: supR3HardenedDllNotificationCallback: load 000007fefa4f0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
30603bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30613bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
30623bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30633bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30643bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
30653bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30663bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517e810:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30673bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
30683bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30693bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517f3e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30703bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
30713bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30723bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517f3e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30733bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
30743bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e74 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
30753bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
30763bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
30773bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
30783bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
30793bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30803bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30813bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
30823bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
30833bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
30843bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
30853bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
30863bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
30873bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
30883bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
30893bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30903bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30913bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30923bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30933bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30943bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30953bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30963bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30973bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30983bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
30993bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31003bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31013bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31023bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31033bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31043bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31053bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517f3e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31063bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31073bec.3020: supR3HardenedDllNotificationCallback: load 000007feec160000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
31083bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31093bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec160000 'C:\Windows\system32\AUDIOSES.DLL'
31103bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31113bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517f3e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31123bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31133bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31143bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517edb0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31153bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31163bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31173bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31183bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31193bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31203bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31213bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31223bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31233bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e90 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
31243bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
31253bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
31263bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
31273bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
31283bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31293bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31303bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
31313bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
31323bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
31333bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
31343bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
31353bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31363bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31373bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31383bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31393bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
31403bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
31413bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e94 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
31423bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
31433bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
31443bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
31453bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
31463bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31473bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31483bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31493bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
31503bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
31513bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
31523bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
31533bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31543bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31553bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31563bec.3020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31573bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31583bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31593bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31603bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31613bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31623bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31633bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31643bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31653bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31663bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31673bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31683bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31693bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31703bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31713bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31723bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31733bec.3020: supR3HardenedDllNotificationCallback: load 000007feee2c0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
31743bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31753bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31763bec.3020: supR3HardenedDllNotificationCallback: load 000007feed5e0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
31773bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31783bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31793bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31803bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31813bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31823bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31833bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31843bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31853bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31863bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31873bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31883bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31893bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31903bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31913bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31923bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31933bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31943bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31953bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31963bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31973bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31983bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
31993bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32003bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e98 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
32013bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
32023bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
32033bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
32043bec.3020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
32053bec.3020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32063bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32073bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
32083bec.3020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
32093bec.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
32103bec.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
32113bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32123bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32133bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32143bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32153bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32163bec.3020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32173bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32183bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32193bec.3020: supR3HardenedDllNotificationCallback: load 000007feedf60000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
32203bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32213bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf60000 'C:\Windows\system32\midimap.dll'
32223bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32233bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32243bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf60000 'C:\Windows\system32\midimap.dll'
32253bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32263bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32273bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf60000 'C:\Windows\system32\midimap.dll'
32283bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32293bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32303bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf60000 'C:\Windows\system32\midimap.dll'
32313bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32323bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32333bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32343bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
32353bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32363bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32373bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32383bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ec00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32393bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32403bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32413bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c6a2a0:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32423bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec250000 'C:\Windows\System32\dsound.dll'
32433bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32443bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32453bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32463bec.63b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32473bec.63b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c6a560:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32483bec.63b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec160000 'C:\Windows\System32\audioses.dll'
32493bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32503bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32513bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3d20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
32523bec.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
32533bec.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008339c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32543bec.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
32553bec.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32/kernel32.dll'
32563bec.1bbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\OLEAUT32.dll'
32573bec.1030: supR3HardenedDllNotificationCallback: Unload 000007fef1c10000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
32583bec.5c14: supR3HardenedDllNotificationCallback: Unload 000007fef4840000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
32593bec.37f8: supR3HardenedDllNotificationCallback: Unload 000007fef4810000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
32603bec.2f3c: supR3HardenedDllNotificationCallback: Unload 000007fef94f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
32613bec.571c: supR3HardenedDllNotificationCallback: Unload 000007fef4900000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
32623bec.3020: supR3HardenedDllNotificationCallback: Unload 000007feed700000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
32633bec.3020: supR3HardenedDllNotificationCallback: Unload 000007feedf00000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
32643bec.3020: supR3HardenedDllNotificationCallback: Unload 000007feedf80000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
32653bec.3020: supR3HardenedDllNotificationCallback: Unload 000007feea8a0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
32663bec.3020: supR3HardenedDllNotificationCallback: Unload 000007fee0170000 LB 0x008e5000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
32673bec.3020: supR3HardenedDllNotificationCallback: Unload 000007feedf20000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
32683bec.3020: supR3HardenedDllNotificationCallback: Unload 000007feed720000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
32693bec.3020: supR3HardenedDllNotificationCallback: Unload 000007feeb820000 LB 0x00051000 C:\Windows\system32\newdev.dll [flags=0x0]
32703bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cc4 pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll
32713bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
32723bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
32733bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77B48D4C63C7308FE42B2B7DF054999F6CE86C20
32743bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll'
32753bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32763bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32773bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
32783bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
32793bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
32803bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll) WinVerifyTrust
32813bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll
32823bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
32833bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
32843bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32853bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32863bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
32873bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
32883bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
32893bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32903bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32913bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ef60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32923bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
32933bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef8ff0000 LB 0x0009c000 C:\Windows\system32\mscms.dll [fFlags=0x0]
32943bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
32953bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ff0000 'C:\Windows\system32\mscms.dll'
32963bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd4 pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll
32973bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000080aeb0
32983bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000080aeb0
32993bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A467A1C0C873D06FC9374DE3DAC05A8C3CE89002
33003bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll'
33013bec.2f14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33023bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33033bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
33043bec.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
33053bec.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll) WinVerifyTrust
33063bec.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll
33073bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33083bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33093bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
33103bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
33113bec.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
33123bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33133bec.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33143bec.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000517ef60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
33153bec.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
33163bec.2f14: supR3HardenedDllNotificationCallback: load 000007fef4520000 LB 0x00042000 C:\Windows\system32\icm32.dll [fFlags=0x0]
33173bec.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
33183bec.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4520000 'C:\Windows\system32\icm32.dll'
33193bec.2f34: supR3HardenedDllNotificationCallback: Unload 000007fef98d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
33203bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fef4ee0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]
33213bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fefc9b0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
33223bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fefc9a0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [flags=0x0]
33233bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fef5090000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
33243bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fef5060000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
33253bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fef4c00000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
33263bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fef5010000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
33273bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fef53b0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
33283bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fee0a60000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
33293bec.2f14: supR3HardenedDllNotificationCallback: Unload 000007fefc860000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [flags=0x0]
33303bec.2f14: supR3HardenedDllNotificationCallback: Unload 0000000077d80000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [flags=0x0]
33313bec.2f14: Terminating the normal way: rcExit=1
3332631c.40ec: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 16725 ms, the end);
33332ad4.2910: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 17345 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy