VirtualBox

Ticket #15134: VBoxHardening.log

File VBoxHardening.log, 406.2 KB (added by ifs, 9 years ago)

hardening file

65e8.6760: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
65e8.6760: \SystemRoot\System32\ntdll.dll:
65e8.6760: CreationTime: 2016-01-13T05:06:15.071481300Z
65e8.6760: LastWriteTime: 2015-12-30T19:05:33.659216000Z
65e8.6760: ChangeTime: 2016-01-14T03:47:38.291208600Z
65e8.6760: FileAttributes: 0x20
65e8.6760: Size: 0x1a67c0
65e8.6760: NT Headers: 0xe0
65e8.6760: Timestamp: 0x568429e5
65e8.6760: Machine: 0x8664 - amd64
65e8.6760: Timestamp: 0x568429e5
65e8.6760: Image Version: 6.1
65e8.6760: SizeOfImage: 0x1a9000 (1740800)
65e8.6760: Resource Dir: 0x14d000 LB 0x5a028
65e8.6760: ProductName: Microsoft® Windows® Operating System
65e8.6760: ProductVersion: 6.1.7601.19110
65e8.6760: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
65e8.6760: FileDescription: NT Layer DLL
65e8.6760: \SystemRoot\System32\kernel32.dll:
65e8.6760: CreationTime: 2016-01-13T05:06:15.327496000Z
65e8.6760: LastWriteTime: 2015-12-30T18:57:55.730000000Z
65e8.6760: ChangeTime: 2016-01-14T03:47:38.416008900Z
65e8.6760: FileAttributes: 0x20
65e8.6760: Size: 0x11c000
65e8.6760: NT Headers: 0xe8
65e8.6760: Timestamp: 0x568429dc
65e8.6760: Machine: 0x8664 - amd64
65e8.6760: Timestamp: 0x568429dc
65e8.6760: Image Version: 6.1
65e8.6760: SizeOfImage: 0x11f000 (1175552)
65e8.6760: Resource Dir: 0x116000 LB 0x528
65e8.6760: ProductName: Microsoft® Windows® Operating System
65e8.6760: ProductVersion: 6.1.7601.19110
65e8.6760: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
65e8.6760: FileDescription: Windows NT BASE API Client DLL
65e8.6760: \SystemRoot\System32\KernelBase.dll:
65e8.6760: CreationTime: 2016-01-13T05:06:14.730461800Z
65e8.6760: LastWriteTime: 2015-12-30T18:57:55.761000000Z
65e8.6760: ChangeTime: 2016-01-14T03:47:38.416008900Z
65e8.6760: FileAttributes: 0x20
65e8.6760: Size: 0x67a00
65e8.6760: NT Headers: 0xe8
65e8.6760: Timestamp: 0x568429dd
65e8.6760: Machine: 0x8664 - amd64
65e8.6760: Timestamp: 0x568429dd
65e8.6760: Image Version: 6.1
65e8.6760: SizeOfImage: 0x6c000 (442368)
65e8.6760: Resource Dir: 0x6a000 LB 0x530
65e8.6760: ProductName: Microsoft® Windows® Operating System
65e8.6760: ProductVersion: 6.1.7601.19110
65e8.6760: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
65e8.6760: FileDescription: Windows NT BASE API Client DLL
65e8.6760: \SystemRoot\System32\apisetschema.dll:
65e8.6760: CreationTime: 2016-01-13T05:06:14.540450900Z
65e8.6760: LastWriteTime: 2015-12-30T18:54:58.839000000Z
65e8.6760: ChangeTime: 2016-01-14T03:47:38.291208600Z
65e8.6760: FileAttributes: 0x20
65e8.6760: Size: 0x1a00
65e8.6760: NT Headers: 0xc0
65e8.6760: Timestamp: 0x568428c9
65e8.6760: Machine: 0x8664 - amd64
65e8.6760: Timestamp: 0x568428c9
65e8.6760: Image Version: 6.1
65e8.6760: SizeOfImage: 0x50000 (327680)
65e8.6760: Resource Dir: 0x30000 LB 0x3f8
65e8.6760: ProductName: Microsoft® Windows® Operating System
65e8.6760: ProductVersion: 6.1.7601.19110
65e8.6760: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
65e8.6760: FileDescription: ApiSet Schema DLL
65e8.6760: NtOpenDirectoryObject failed on \Driver: 0xc0000022
65e8.6760: supR3HardenedWinFindAdversaries: 0x80
65e8.6760: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
65e8.6760: CreationTime: 2015-11-06T06:50:12.660752300Z
65e8.6760: LastWriteTime: 2015-11-06T06:53:14.755687000Z
65e8.6760: ChangeTime: 2015-11-06T06:53:14.755687000Z
65e8.6760: FileAttributes: 0x20
65e8.6760: Size: 0x2eed8
65e8.6760: NT Headers: 0xe0
65e8.6760: Timestamp: 0x55b855d9
65e8.6760: Machine: 0x8664 - amd64
65e8.6760: Timestamp: 0x55b855d9
65e8.6760: Image Version: 6.1
65e8.6760: SizeOfImage: 0x33000 (208896)
65e8.6760: Resource Dir: 0x31000 LB 0x3b8
65e8.6760: ProductName: Malwarebytes Anti-Malware
65e8.6760: ProductVersion: 0.3.0.0
65e8.6760: FileVersion: 0.3.0.0
65e8.6760: FileDescription: Malwarebytes Anti-Malware
65e8.6760: \SystemRoot\System32\drivers\mwac.sys:
65e8.6760: CreationTime: 2015-11-06T06:49:17.342654200Z
65e8.6760: LastWriteTime: 2015-10-05T08:50:18.000000000Z
65e8.6760: ChangeTime: 2016-01-16T08:59:55.454640000Z
65e8.6760: FileAttributes: 0x20
65e8.6760: Size: 0xf8d8
65e8.6760: NT Headers: 0xf8
65e8.6760: Timestamp: 0x53a0f42a
65e8.6760: Machine: 0x8664 - amd64
65e8.6760: Timestamp: 0x53a0f42a
65e8.6760: Image Version: 6.2
65e8.6760: SizeOfImage: 0x12000 (73728)
65e8.6760: Resource Dir: 0x10000 LB 0x3e0
65e8.6760: ProductName: Malwarebytes Web Access Control
65e8.6760: ProductVersion: 1.0.6.0
65e8.6760: FileVersion: 1.0.6.0
65e8.6760: FileDescription: Malwarebytes Web Access Control
65e8.6760: \SystemRoot\System32\drivers\mbamchameleon.sys:
65e8.6760: CreationTime: 2015-11-06T06:49:17.342654200Z
65e8.6760: LastWriteTime: 2015-10-05T08:50:10.000000000Z
65e8.6760: ChangeTime: 2015-11-06T06:52:15.029101200Z
65e8.6760: FileAttributes: 0x20
65e8.6760: Size: 0x1aad8
65e8.6760: NT Headers: 0xd8
65e8.6760: Timestamp: 0x55c103c3
65e8.6760: Machine: 0x8664 - amd64
65e8.6760: Timestamp: 0x55c103c3
65e8.6760: Image Version: 6.1
65e8.6760: SizeOfImage: 0x1e000 (122880)
65e8.6760: Resource Dir: 0x1c000 LB 0xba8
65e8.6760: ProductName: Malwarebytes Chameleon
65e8.6760: ProductVersion: 1.1.21.0
65e8.6760: FileVersion: 1.1.21.0
65e8.6760: FileDescription: Malwarebytes Chameleon Protection Driver
65e8.6760: \SystemRoot\System32\drivers\mbam.sys:
65e8.6760: CreationTime: 2015-11-06T06:49:17.327054200Z
65e8.6760: LastWriteTime: 2015-10-05T08:50:06.000000000Z
65e8.6760: ChangeTime: 2016-01-16T08:59:55.445639500Z
65e8.6760: FileAttributes: 0x20
65e8.6760: Size: 0x64d8
65e8.6760: NT Headers: 0xd8
65e8.6760: Timestamp: 0x55ca3257
65e8.6760: Machine: 0x8664 - amd64
65e8.6760: Timestamp: 0x55ca3257
65e8.6760: Image Version: 6.1
65e8.6760: SizeOfImage: 0xa000 (40960)
65e8.6760: Resource Dir: 0x8000 LB 0x3a0
65e8.6760: ProductName: Malwarebytes Anti-Malware
65e8.6760: ProductVersion: 0.1.16.0
65e8.6760: FileVersion: 0.1.16.0
65e8.6760: FileDescription: Malwarebytes Anti-Malware
65e8.6760: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
65e8.6760: Calling main()
65e8.6760: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
65e8.6760: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
65e8.6760: SUPR3HardenedMain: Respawn #1
65e8.6760: System32: \Device\HarddiskVolume2\Windows\System32
65e8.6760: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
65e8.6760: KnownDllPath: C:\Windows\system32
65e8.6760: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
65e8.6760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
65e8.6760: supR3HardNtEnableThreadCreation:
65e8.6760: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bdb630 pvNtTerminateThread=0000000077bfdee0
65e8.6760: supR3HardenedWinDoReSpawn(1): New child 6dfc.6d40 [kernel32].
65e8.6760: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
65e8.6760: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077bb0000 uNtDllChildAddr=0000000077bb0000
65e8.6760: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077bdb630
65e8.6760: supR3HardenedWinSetupChildInit: Start child.
65e8.6760: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
65e8.6760: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 53 sleeps
65e8.6760: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
65e8.6760: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
65e8.6760: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
65e8.6760: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
65e8.6760: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
65e8.6760: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
65e8.6760: 0000000000041000-ffffffffffeb1fff 0x0001/0x0000 0x0000000
65e8.6760: *00000000001d0000-00000000000d3fff 0x0000/0x0004 0x0020000
65e8.6760: 00000000002cc000-00000000002c8fff 0x0104/0x0004 0x0020000
65e8.6760: 00000000002cf000-00000000002cdfff 0x0004/0x0004 0x0020000
65e8.6760: 00000000002d0000-ffffffff889effff 0x0001/0x0000 0x0000000
65e8.6760: *0000000077bb0000-0000000077bb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
65e8.6760: 0000000077bb1000-0000000077caefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
65e8.6760: 0000000077caf000-0000000077cddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
65e8.6760: 0000000077cde000-0000000077ce5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
65e8.6760: 0000000077ce6000-0000000077ce6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
65e8.6760: 0000000077ce7000-0000000077ce9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
65e8.6760: 0000000077cea000-0000000077d58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
65e8.6760: 0000000077d59000-0000000070ad1fff 0x0001/0x0000 0x0000000
65e8.6760: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
65e8.6760: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
65e8.6760: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
65e8.6760: 000000007fff0000-ffffffffc0b6ffff 0x0001/0x0000 0x0000000
65e8.6760: *000000013f470000-000000013f470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f471000-000000013f4f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f4f8000-000000013f4f8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f4f9000-000000013f543fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f544000-000000013f544fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f545000-000000013f545fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f546000-000000013f54afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f54b000-000000013f54bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f54c000-000000013f54cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f54d000-000000013f550fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f551000-000000013f59bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
65e8.6760: 000000013f59c000-fffff8037ec67fff 0x0001/0x0000 0x0000000
65e8.6760: *000007feffed0000-000007feffed0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
65e8.6760: 000007feffed1000-000007fdffdf1fff 0x0001/0x0000 0x0000000
65e8.6760: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
65e8.6760: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
65e8.6760: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
65e8.6760: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
65e8.6760: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
65e8.6760: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
65e8.6760: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
65e8.6760: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
65e8.6760: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
65e8.6760: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
65e8.6760: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
6dfc.6d40: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
6dfc.6d40: supR3HardenedVmProcessInit: uNtDllAddr=0000000077bb0000
6dfc.6d40: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
6dfc.6d40: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1740800 allocation)
65e8.6760: supR3HardNtEnableThreadCreation:
6dfc.6d40: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6dfc.6d40: System32: \Device\HarddiskVolume2\Windows\System32
6dfc.6d40: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
6dfc.6d40: KnownDllPath: C:\Windows\system32
6dfc.6d40: supR3HardenedVmProcessInit: Opening vboxdrv stub...
6dfc.6d40: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6dfc.6d40: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6dfc.6d40: Registered Dll notification callback with NTDLL.
6dfc.6d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
6dfc.6d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
6dfc.6d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6dfc.6d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6dfc.6d40: supR3HardenedDllNotificationCallback: load 0000000077a90000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
6dfc.6d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6dfc.6d40: supR3HardenedDllNotificationCallback: load 000007fefdbf0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
6dfc.6d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
6dfc.6d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
6dfc.6d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
6dfc.6d40: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bdb630 pvNtTerminateThread=0000000077bfdee0
65e8.6760: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 25 ms.
6dfc.6d40: \SystemRoot\System32\ntdll.dll:
6dfc.6d40: CreationTime: 2016-01-13T05:06:15.071481300Z
6dfc.6d40: LastWriteTime: 2015-12-30T19:05:33.659216000Z
6dfc.6d40: ChangeTime: 2016-01-14T03:47:38.291208600Z
6dfc.6d40: FileAttributes: 0x20
6dfc.6d40: Size: 0x1a67c0
6dfc.6d40: NT Headers: 0xe0
6dfc.6d40: Timestamp: 0x568429e5
6dfc.6d40: Machine: 0x8664 - amd64
6dfc.6d40: Timestamp: 0x568429e5
6dfc.6d40: Image Version: 6.1
6dfc.6d40: SizeOfImage: 0x1a9000 (1740800)
6dfc.6d40: Resource Dir: 0x14d000 LB 0x5a028
6dfc.6d40: ProductName: Microsoft® Windows® Operating System
6dfc.6d40: ProductVersion: 6.1.7601.19110
6dfc.6d40: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6dfc.6d40: FileDescription: NT Layer DLL
6dfc.6d40: \SystemRoot\System32\kernel32.dll:
6dfc.6d40: CreationTime: 2016-01-13T05:06:15.327496000Z
6dfc.6d40: LastWriteTime: 2015-12-30T18:57:55.730000000Z
6dfc.6d40: ChangeTime: 2016-01-14T03:47:38.416008900Z
6dfc.6d40: FileAttributes: 0x20
6dfc.6d40: Size: 0x11c000
6dfc.6d40: NT Headers: 0xe8
6dfc.6d40: Timestamp: 0x568429dc
6dfc.6d40: Machine: 0x8664 - amd64
6dfc.6d40: Timestamp: 0x568429dc
6dfc.6d40: Image Version: 6.1
6dfc.6d40: SizeOfImage: 0x11f000 (1175552)
6dfc.6d40: Resource Dir: 0x116000 LB 0x528
6dfc.6d40: ProductName: Microsoft® Windows® Operating System
6dfc.6d40: ProductVersion: 6.1.7601.19110
6dfc.6d40: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6dfc.6d40: FileDescription: Windows NT BASE API Client DLL
6dfc.6d40: \SystemRoot\System32\KernelBase.dll:
6dfc.6d40: CreationTime: 2016-01-13T05:06:14.730461800Z
6dfc.6d40: LastWriteTime: 2015-12-30T18:57:55.761000000Z
6dfc.6d40: ChangeTime: 2016-01-14T03:47:38.416008900Z
6dfc.6d40: FileAttributes: 0x20
6dfc.6d40: Size: 0x67a00
6dfc.6d40: NT Headers: 0xe8
6dfc.6d40: Timestamp: 0x568429dd
6dfc.6d40: Machine: 0x8664 - amd64
6dfc.6d40: Timestamp: 0x568429dd
6dfc.6d40: Image Version: 6.1
6dfc.6d40: SizeOfImage: 0x6c000 (442368)
6dfc.6d40: Resource Dir: 0x6a000 LB 0x530
6dfc.6d40: ProductName: Microsoft® Windows® Operating System
6dfc.6d40: ProductVersion: 6.1.7601.19110
6dfc.6d40: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6dfc.6d40: FileDescription: Windows NT BASE API Client DLL
6dfc.6d40: \SystemRoot\System32\apisetschema.dll:
6dfc.6d40: CreationTime: 2016-01-13T05:06:14.540450900Z
6dfc.6d40: LastWriteTime: 2015-12-30T18:54:58.839000000Z
6dfc.6d40: ChangeTime: 2016-01-14T03:47:38.291208600Z
6dfc.6d40: FileAttributes: 0x20
6dfc.6d40: Size: 0x1a00
6dfc.6d40: NT Headers: 0xc0
6dfc.6d40: Timestamp: 0x568428c9
6dfc.6d40: Machine: 0x8664 - amd64
6dfc.6d40: Timestamp: 0x568428c9
6dfc.6d40: Image Version: 6.1
6dfc.6d40: SizeOfImage: 0x50000 (327680)
6dfc.6d40: Resource Dir: 0x30000 LB 0x3f8
6dfc.6d40: ProductName: Microsoft® Windows® Operating System
6dfc.6d40: ProductVersion: 6.1.7601.19110
6dfc.6d40: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6dfc.6d40: FileDescription: ApiSet Schema DLL
6dfc.6d40: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6dfc.6d40: supR3HardenedWinFindAdversaries: 0x80
6dfc.6d40: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
6dfc.6d40: CreationTime: 2015-11-06T06:50:12.660752300Z
6dfc.6d40: LastWriteTime: 2015-11-06T06:53:14.755687000Z
6dfc.6d40: ChangeTime: 2015-11-06T06:53:14.755687000Z
6dfc.6d40: FileAttributes: 0x20
6dfc.6d40: Size: 0x2eed8
6dfc.6d40: NT Headers: 0xe0
6dfc.6d40: Timestamp: 0x55b855d9
6dfc.6d40: Machine: 0x8664 - amd64
6dfc.6d40: Timestamp: 0x55b855d9
6dfc.6d40: Image Version: 6.1
6dfc.6d40: SizeOfImage: 0x33000 (208896)
6dfc.6d40: Resource Dir: 0x31000 LB 0x3b8
6dfc.6d40: ProductName: Malwarebytes Anti-Malware
6dfc.6d40: ProductVersion: 0.3.0.0
6dfc.6d40: FileVersion: 0.3.0.0
6dfc.6d40: FileDescription: Malwarebytes Anti-Malware
6dfc.6d40: \SystemRoot\System32\drivers\mwac.sys:
6dfc.6d40: CreationTime: 2015-11-06T06:49:17.342654200Z
6dfc.6d40: LastWriteTime: 2015-10-05T08:50:18.000000000Z
6dfc.6d40: ChangeTime: 2016-01-16T08:59:55.454640000Z
6dfc.6d40: FileAttributes: 0x20
6dfc.6d40: Size: 0xf8d8
6dfc.6d40: NT Headers: 0xf8
6dfc.6d40: Timestamp: 0x53a0f42a
6dfc.6d40: Machine: 0x8664 - amd64
6dfc.6d40: Timestamp: 0x53a0f42a
6dfc.6d40: Image Version: 6.2
6dfc.6d40: SizeOfImage: 0x12000 (73728)
6dfc.6d40: Resource Dir: 0x10000 LB 0x3e0
6dfc.6d40: ProductName: Malwarebytes Web Access Control
6dfc.6d40: ProductVersion: 1.0.6.0
6dfc.6d40: FileVersion: 1.0.6.0
6dfc.6d40: FileDescription: Malwarebytes Web Access Control
6dfc.6d40: \SystemRoot\System32\drivers\mbamchameleon.sys:
6dfc.6d40: CreationTime: 2015-11-06T06:49:17.342654200Z
6dfc.6d40: LastWriteTime: 2015-10-05T08:50:10.000000000Z
6dfc.6d40: ChangeTime: 2015-11-06T06:52:15.029101200Z
6dfc.6d40: FileAttributes: 0x20
6dfc.6d40: Size: 0x1aad8
6dfc.6d40: NT Headers: 0xd8
6dfc.6d40: Timestamp: 0x55c103c3
6dfc.6d40: Machine: 0x8664 - amd64
6dfc.6d40: Timestamp: 0x55c103c3
6dfc.6d40: Image Version: 6.1
6dfc.6d40: SizeOfImage: 0x1e000 (122880)
6dfc.6d40: Resource Dir: 0x1c000 LB 0xba8
6dfc.6d40: ProductName: Malwarebytes Chameleon
6dfc.6d40: ProductVersion: 1.1.21.0
6dfc.6d40: FileVersion: 1.1.21.0
6dfc.6d40: FileDescription: Malwarebytes Chameleon Protection Driver
6dfc.6d40: \SystemRoot\System32\drivers\mbam.sys:
6dfc.6d40: CreationTime: 2015-11-06T06:49:17.327054200Z
6dfc.6d40: LastWriteTime: 2015-10-05T08:50:06.000000000Z
6dfc.6d40: ChangeTime: 2016-01-16T08:59:55.445639500Z
6dfc.6d40: FileAttributes: 0x20
6dfc.6d40: Size: 0x64d8
6dfc.6d40: NT Headers: 0xd8
6dfc.6d40: Timestamp: 0x55ca3257
6dfc.6d40: Machine: 0x8664 - amd64
6dfc.6d40: Timestamp: 0x55ca3257
6dfc.6d40: Image Version: 6.1
6dfc.6d40: SizeOfImage: 0xa000 (40960)
6dfc.6d40: Resource Dir: 0x8000 LB 0x3a0
6dfc.6d40: ProductName: Malwarebytes Anti-Malware
6dfc.6d40: ProductVersion: 0.1.16.0
6dfc.6d40: FileVersion: 0.1.16.0
6dfc.6d40: FileDescription: Malwarebytes Anti-Malware
6dfc.6d40: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6dfc.6d40: Calling main()
6dfc.6d40: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6dfc.6d40: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6dfc.6d40: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6dfc.6d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6dfc.6d40: SUPR3HardenedMain: Respawn #2
6dfc.6d40: supR3HardNtEnableThreadCreation:
6dfc.6d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
6dfc.6d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
6dfc.6d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6dfc.6d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
6dfc.6d40: supR3HardenedDllNotificationCallback: load 000007fefd790000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
6dfc.6d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
6dfc.6d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd790000 'C:\Windows\system32\apphelp.dll'
6dfc.6d40: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bdb630 pvNtTerminateThread=0000000077bfdee0
6dfc.6d40: supR3HardenedWinDoReSpawn(2): New child 6ef8.42e4 [kernel32].
6dfc.6d40: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
6dfc.6d40: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077bb0000 uNtDllChildAddr=0000000077bb0000
6dfc.6d40: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077bdb630
6dfc.6d40: supR3HardenedWinSetupChildInit: Start child.
6dfc.6d40: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
6dfc.6d40: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 57 sleeps
6dfc.6d40: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6dfc.6d40: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
6dfc.6d40: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
6dfc.6d40: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
6dfc.6d40: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
6dfc.6d40: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
6dfc.6d40: 0000000000041000-fffffffffff91fff 0x0001/0x0000 0x0000000
6dfc.6d40: *00000000000f0000-ffffffffffff3fff 0x0000/0x0004 0x0020000
6dfc.6d40: 00000000001ec000-00000000001e8fff 0x0104/0x0004 0x0020000
6dfc.6d40: 00000000001ef000-00000000001edfff 0x0004/0x0004 0x0020000
6dfc.6d40: 00000000001f0000-ffffffff8882ffff 0x0001/0x0000 0x0000000
6dfc.6d40: *0000000077bb0000-0000000077bb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6dfc.6d40: 0000000077bb1000-0000000077caefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6dfc.6d40: 0000000077caf000-0000000077cddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6dfc.6d40: 0000000077cde000-0000000077ce5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6dfc.6d40: 0000000077ce6000-0000000077ce6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6dfc.6d40: 0000000077ce7000-0000000077ce9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6dfc.6d40: 0000000077cea000-0000000077d58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6dfc.6d40: 0000000077d59000-0000000070ad1fff 0x0001/0x0000 0x0000000
6dfc.6d40: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
6dfc.6d40: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
6dfc.6d40: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
6dfc.6d40: 000000007fff0000-ffffffffc0b6ffff 0x0001/0x0000 0x0000000
6dfc.6d40: *000000013f470000-000000013f470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f471000-000000013f4f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f4f8000-000000013f4f8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f4f9000-000000013f543fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f544000-000000013f544fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f545000-000000013f545fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f546000-000000013f54afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f54b000-000000013f54bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f54c000-000000013f54cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f54d000-000000013f550fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f551000-000000013f59bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6dfc.6d40: 000000013f59c000-fffff8037ec67fff 0x0001/0x0000 0x0000000
6dfc.6d40: *000007feffed0000-000007feffed0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
6dfc.6d40: 000007feffed1000-000007fdffdf1fff 0x0001/0x0000 0x0000000
6dfc.6d40: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
6dfc.6d40: 000007fffffd3000-000007fffffcafff 0x0001/0x0000 0x0000000
6dfc.6d40: *000007fffffdb000-000007fffffd9fff 0x0004/0x0004 0x0020000
6dfc.6d40: 000007fffffdc000-000007fffffd9fff 0x0001/0x0000 0x0000000
6dfc.6d40: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
6dfc.6d40: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
6dfc.6d40: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
6dfc.6d40: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
6dfc.6d40: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6dfc.6d40: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
6dfc.6d40: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
6dfc.6d40: supR3HardNtChildPurify: Done after 563 ms and 0 fixes (loop #0).
6ef8.42e4: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
6ef8.42e4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077bb0000
6dfc.6d40: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000)
6ef8.42e4: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
6ef8.42e4: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1740800 allocation)
6dfc.6d40: supR3HardNtEnableThreadCreation:
6ef8.42e4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6ef8.42e4: System32: \Device\HarddiskVolume2\Windows\System32
6ef8.42e4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
6ef8.42e4: KnownDllPath: C:\Windows\system32
6ef8.42e4: supR3HardenedVmProcessInit: Opening vboxdrv...
6ef8.42e4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6ef8.42e4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6ef8.42e4: Registered Dll notification callback with NTDLL.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedDllNotificationCallback: load 0000000077a90000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefdbf0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
6ef8.42e4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bdb630 pvNtTerminateThread=0000000077bfdee0
6dfc.6d40: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 60 ms.
6ef8.42e4: \SystemRoot\System32\ntdll.dll:
6ef8.42e4: CreationTime: 2016-01-13T05:06:15.071481300Z
6ef8.42e4: LastWriteTime: 2015-12-30T19:05:33.659216000Z
6ef8.42e4: ChangeTime: 2016-01-14T03:47:38.291208600Z
6ef8.42e4: FileAttributes: 0x20
6ef8.42e4: Size: 0x1a67c0
6ef8.42e4: NT Headers: 0xe0
6ef8.42e4: Timestamp: 0x568429e5
6ef8.42e4: Machine: 0x8664 - amd64
6ef8.42e4: Timestamp: 0x568429e5
6ef8.42e4: Image Version: 6.1
6ef8.42e4: SizeOfImage: 0x1a9000 (1740800)
6ef8.42e4: Resource Dir: 0x14d000 LB 0x5a028
6ef8.42e4: ProductName: Microsoft® Windows® Operating System
6ef8.42e4: ProductVersion: 6.1.7601.19110
6ef8.42e4: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6ef8.42e4: FileDescription: NT Layer DLL
6ef8.42e4: \SystemRoot\System32\kernel32.dll:
6ef8.42e4: CreationTime: 2016-01-13T05:06:15.327496000Z
6ef8.42e4: LastWriteTime: 2015-12-30T18:57:55.730000000Z
6ef8.42e4: ChangeTime: 2016-01-14T03:47:38.416008900Z
6ef8.42e4: FileAttributes: 0x20
6ef8.42e4: Size: 0x11c000
6ef8.42e4: NT Headers: 0xe8
6ef8.42e4: Timestamp: 0x568429dc
6ef8.42e4: Machine: 0x8664 - amd64
6ef8.42e4: Timestamp: 0x568429dc
6ef8.42e4: Image Version: 6.1
6ef8.42e4: SizeOfImage: 0x11f000 (1175552)
6ef8.42e4: Resource Dir: 0x116000 LB 0x528
6ef8.42e4: ProductName: Microsoft® Windows® Operating System
6ef8.42e4: ProductVersion: 6.1.7601.19110
6ef8.42e4: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6ef8.42e4: FileDescription: Windows NT BASE API Client DLL
6ef8.42e4: \SystemRoot\System32\KernelBase.dll:
6ef8.42e4: CreationTime: 2016-01-13T05:06:14.730461800Z
6ef8.42e4: LastWriteTime: 2015-12-30T18:57:55.761000000Z
6ef8.42e4: ChangeTime: 2016-01-14T03:47:38.416008900Z
6ef8.42e4: FileAttributes: 0x20
6ef8.42e4: Size: 0x67a00
6ef8.42e4: NT Headers: 0xe8
6ef8.42e4: Timestamp: 0x568429dd
6ef8.42e4: Machine: 0x8664 - amd64
6ef8.42e4: Timestamp: 0x568429dd
6ef8.42e4: Image Version: 6.1
6ef8.42e4: SizeOfImage: 0x6c000 (442368)
6ef8.42e4: Resource Dir: 0x6a000 LB 0x530
6ef8.42e4: ProductName: Microsoft® Windows® Operating System
6ef8.42e4: ProductVersion: 6.1.7601.19110
6ef8.42e4: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
6ef8.42e4: FileDescription: Windows NT BASE API Client DLL
6ef8.42e4: \SystemRoot\System32\apisetschema.dll:
6ef8.42e4: CreationTime: 2016-01-13T05:06:14.540450900Z
6ef8.42e4: LastWriteTime: 2015-12-30T18:54:58.839000000Z
6ef8.42e4: ChangeTime: 2016-01-14T03:47:38.291208600Z
6ef8.42e4: FileAttributes: 0x20
6ef8.42e4: Size: 0x1a00
6ef8.42e4: NT Headers: 0xc0
6ef8.42e4: Timestamp: 0x568428c9
6ef8.42e4: Machine: 0x8664 - amd64
6ef8.42e4: Timestamp: 0x568428c9
6ef8.42e4: Image Version: 6.1
6ef8.42e4: SizeOfImage: 0x50000 (327680)
6ef8.42e4: Resource Dir: 0x30000 LB 0x3f8
5326ef8.42e4: ProductName: Microsoft® Windows® Operating System
5336ef8.42e4: ProductVersion: 6.1.7601.19110
5346ef8.42e4: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
5356ef8.42e4: FileDescription: ApiSet Schema DLL
5366ef8.42e4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5376ef8.42e4: supR3HardenedWinFindAdversaries: 0x80
5386ef8.42e4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
5396ef8.42e4: CreationTime: 2015-11-06T06:50:12.660752300Z
5406ef8.42e4: LastWriteTime: 2015-11-06T06:53:14.755687000Z
5416ef8.42e4: ChangeTime: 2015-11-06T06:53:14.755687000Z
5426ef8.42e4: FileAttributes: 0x20
5436ef8.42e4: Size: 0x2eed8
5446ef8.42e4: NT Headers: 0xe0
5456ef8.42e4: Timestamp: 0x55b855d9
5466ef8.42e4: Machine: 0x8664 - amd64
5476ef8.42e4: Timestamp: 0x55b855d9
5486ef8.42e4: Image Version: 6.1
5496ef8.42e4: SizeOfImage: 0x33000 (208896)
5506ef8.42e4: Resource Dir: 0x31000 LB 0x3b8
5516ef8.42e4: ProductName: Malwarebytes Anti-Malware
5526ef8.42e4: ProductVersion: 0.3.0.0
5536ef8.42e4: FileVersion: 0.3.0.0
5546ef8.42e4: FileDescription: Malwarebytes Anti-Malware
5556ef8.42e4: \SystemRoot\System32\drivers\mwac.sys:
5566ef8.42e4: CreationTime: 2015-11-06T06:49:17.342654200Z
5576ef8.42e4: LastWriteTime: 2015-10-05T08:50:18.000000000Z
5586ef8.42e4: ChangeTime: 2016-01-16T08:59:55.454640000Z
5596ef8.42e4: FileAttributes: 0x20
5606ef8.42e4: Size: 0xf8d8
5616ef8.42e4: NT Headers: 0xf8
5626ef8.42e4: Timestamp: 0x53a0f42a
5636ef8.42e4: Machine: 0x8664 - amd64
5646ef8.42e4: Timestamp: 0x53a0f42a
5656ef8.42e4: Image Version: 6.2
5666ef8.42e4: SizeOfImage: 0x12000 (73728)
5676ef8.42e4: Resource Dir: 0x10000 LB 0x3e0
5686ef8.42e4: ProductName: Malwarebytes Web Access Control
5696ef8.42e4: ProductVersion: 1.0.6.0
5706ef8.42e4: FileVersion: 1.0.6.0
5716ef8.42e4: FileDescription: Malwarebytes Web Access Control
5726ef8.42e4: \SystemRoot\System32\drivers\mbamchameleon.sys:
5736ef8.42e4: CreationTime: 2015-11-06T06:49:17.342654200Z
5746ef8.42e4: LastWriteTime: 2015-10-05T08:50:10.000000000Z
5756ef8.42e4: ChangeTime: 2015-11-06T06:52:15.029101200Z
5766ef8.42e4: FileAttributes: 0x20
5776ef8.42e4: Size: 0x1aad8
5786ef8.42e4: NT Headers: 0xd8
5796ef8.42e4: Timestamp: 0x55c103c3
5806ef8.42e4: Machine: 0x8664 - amd64
5816ef8.42e4: Timestamp: 0x55c103c3
5826ef8.42e4: Image Version: 6.1
5836ef8.42e4: SizeOfImage: 0x1e000 (122880)
5846ef8.42e4: Resource Dir: 0x1c000 LB 0xba8
5856ef8.42e4: ProductName: Malwarebytes Chameleon
5866ef8.42e4: ProductVersion: 1.1.21.0
5876ef8.42e4: FileVersion: 1.1.21.0
5886ef8.42e4: FileDescription: Malwarebytes Chameleon Protection Driver
5896ef8.42e4: \SystemRoot\System32\drivers\mbam.sys:
5906ef8.42e4: CreationTime: 2015-11-06T06:49:17.327054200Z
5916ef8.42e4: LastWriteTime: 2015-10-05T08:50:06.000000000Z
5926ef8.42e4: ChangeTime: 2016-01-16T08:59:55.445639500Z
5936ef8.42e4: FileAttributes: 0x20
5946ef8.42e4: Size: 0x64d8
5956ef8.42e4: NT Headers: 0xd8
5966ef8.42e4: Timestamp: 0x55ca3257
5976ef8.42e4: Machine: 0x8664 - amd64
5986ef8.42e4: Timestamp: 0x55ca3257
5996ef8.42e4: Image Version: 6.1
6006ef8.42e4: SizeOfImage: 0xa000 (40960)
6016ef8.42e4: Resource Dir: 0x8000 LB 0x3a0
6026ef8.42e4: ProductName: Malwarebytes Anti-Malware
6036ef8.42e4: ProductVersion: 0.1.16.0
6046ef8.42e4: FileVersion: 0.1.16.0
6056ef8.42e4: FileDescription: Malwarebytes Anti-Malware
6066ef8.42e4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6076ef8.42e4: Calling main()
6086ef8.42e4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6096ef8.42e4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6106ef8.42e4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6116ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6126ef8.42e4: SUPR3HardenedMain: Final process, opening VBoxDrv...
6136ef8.42e4: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
6146ef8.42e4: supR3HardNtEnableThreadCreation:
6156ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6166ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6176ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884300:C:\Windows\system32 [calling]
6186ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6196ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefa460000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6206ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6216ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6226ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6236ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa460000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6246ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6256ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6266ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa460000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6276ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa460000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6286ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6296ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
6306ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
6316ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
6326ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
6336ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
6346ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6356ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6366ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
6376ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
6386ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6396ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6406ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
6416ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
6426ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6436ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6446ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6456ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
6466ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
6476ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6486ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6496ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6506ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
6516ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
6526ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6536ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6546ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6556ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6566ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6576ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6586ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884300:C:\Windows\system32 [calling]
6596ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6606ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
6616ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6626ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feff7f0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
6636ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6646ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd9d0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
6656ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6666ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd950000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
6676ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6686ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feff6c0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
6696ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6706ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\Wintrust.dll'
6716ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
6726ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
6736ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008c98b0:C:\Windows\system32 [calling]
6746ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6756ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd2e0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
6766ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6776ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\bcrypt.dll'
6786ef8.42e4: bcrypt.dll loaded at 000007fefd2e0000, BCryptOpenAlgorithmProvider at 000007fefd2e2640, preloading providers:
6796ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6806ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
6816ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
6826ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
6836ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6846ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6856ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6866ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6876ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6886ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6896ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6906ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6916ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6926ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6936ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6946ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6956ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6966ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6976ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6986ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6996ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7006ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
7016ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7026ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefe0e0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
7036ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7046ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
7056ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
7066ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
7076ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
7086ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefdf20000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
7096ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7106ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\bcryptprimitives.dll'
7116ef8.42e4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008caf90)
7126ef8.42e4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008cde50)
7136ef8.42e4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008cdf70)
7146ef8.42e4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008ce180)
7156ef8.42e4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008ce2a0)
7166ef8.42e4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008ce3c0)
7176ef8.42e4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008ce600)
7186ef8.42e4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008ce720)
7196ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
7206ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
7216ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7226ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7236ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7246ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7256ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7266ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7276ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7286ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7296ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd190000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
7306ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7316ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CRYPTSP.dll'
7326ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7336ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
7346ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
7356ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7366ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7376ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7386ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7396ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7406ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
7416ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7426ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\Windows\system32\rsaenh.dll'
7436ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7446ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7456ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
7466ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
7476ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
7486ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7496ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7506ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd7f0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
7516ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7526ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\CRYPTBASE.dll'
7536ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7546ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7556ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
7566ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7576ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7586ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\WINTRUST.DLL'
7596ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7606ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7616ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\CRYPT32.dll'
7626ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7636ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
7646ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
7656ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
7666ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
7676ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
7686ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7696ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7706ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7716ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7726ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7736ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7746ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefe0c0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
7756ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7766ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0c0000 'C:\Windows\system32\imagehlp.dll'
7776ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7786ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
7796ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CRYPTSP.dll'
7806ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
7816ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
7826ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
7836ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7846ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7856ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
7866ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
7876ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
7886ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
7896ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
7906ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
7916ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
7926ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
7936ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
7946ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
7956ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
7966ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7976ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7986ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7996ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
8006ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
8016ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8026ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
8036ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
8046ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
8056ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
8066ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8076ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8086ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8096ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8106ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8116ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8126ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8136ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8146ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8156ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8166ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8176ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8186ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8196ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8206ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8216ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8226ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8236ef8.42e4: supR3HardenedDllNotificationCallback: load 0000000077990000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
8246ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8256ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefe370000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
8266ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8276ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feff430000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
8286ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
8296ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefdf70000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
8306ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
8316ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8326ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8336ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe370000 'C:\Windows\system32\gdi32.dll'
8346ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
8356ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
8366ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
8376ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
8386ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
8396ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
8406ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
8416ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8426ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
8436ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
8446ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
8456ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
8466ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
8476ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8486ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8496ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8506ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8516ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8526ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8536ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
8546ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
8556ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8566ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8576ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8586ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8596ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8606ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8616ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8626ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8636ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8646ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8656ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8666ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8676ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefdf40000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
8686ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8696ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefe1c0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
8706ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
8716ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\IMM32.DLL'
8726ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\USER32.dll'
8736ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
8746ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
8756ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
8766ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
8776ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
8786ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8796ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8806ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8816ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8826ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8836ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8846ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8856ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8866ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8876ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8886ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8896ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd310000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
8906ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8916ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\ncrypt.dll'
8926ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8936ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
8946ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\bcrypt.dll'
8956ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8966ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
8976ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
8986ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
8996ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
9006ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
9016ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
9026ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9036ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
9046ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
9056ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9066ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9076ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9086ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9096ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9106ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9116ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9126ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9136ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9146ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9156ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
9166ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefdc70000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
9176ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
9186ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd960000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
9196ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9206ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc70000 'C:\Windows\system32\USERENV.dll'
9216ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9226ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9236ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9246ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9256ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9266ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
9276ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
9286ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
9296ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9306ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9316ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9326ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9336ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9346ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9356ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
9366ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9376ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefcc10000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
9386ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9396ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc10000 'C:\Windows\system32\GPAPI.dll'
9406ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\rpcrt4.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-Management-L2-1-0.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefb090000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feffb10000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\cryptnet.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd960000 'C:\Windows\system32\profapi.dll'
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feffe40000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffe40000 'C:\Windows\system32\SHLWAPI.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=99113493CCEA6CE03AD58304FCE46D35B665BC85
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
6ef8.42e4: g_pfnWinVerifyTrust=000007fefd971010
6ef8.42e4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
6ef8.42e4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF6214D5B4EE4D004FA11B4426B0E781D4E918A9
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
11176ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
11186ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11196ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11206ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
11216ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
11226ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11236ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
11246ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
11256ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11266ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11276ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
11286ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
11296ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11306ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
11316ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
11326ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11336ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11346ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
11356ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
11366ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11376ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
11386ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
11396ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11406ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11416ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
11426ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
11436ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11446ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
11456ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
11466ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11476ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11486ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
11496ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11506ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11516ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11526ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
11536ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11546ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11556ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
11566ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
11576ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11586ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
11596ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
11606ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11616ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11626ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
11636ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11646ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11656ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11666ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
11676ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11686ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11696ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C369CA0A282E9201E8C3399DEF1010F6DC0676FA
11706ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11716ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11726ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11736ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
11746ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
11756ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11766ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11776ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
11786ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11796ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11806ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11816ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
11826ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11836ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11846ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
11856ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11866ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11876ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11886ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
11896ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11906ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11916ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6964F437558F504725B2BE66A35240231044644F
11926ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3121918~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11936ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11946ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11956ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
11966ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
11976ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
11986ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
11996ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
12006ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
12016ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12026ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
12036ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12046ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
12056ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
12066ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
12076ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
12086ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12096ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
12106ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
12116ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
12126ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
12136ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
12146ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
12156ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12166ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
12176ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12186ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
12196ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
12206ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA2C80E31A4EEBFA49ACC284D4C1B701145978CB
12216ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
12226ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12236ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
12246ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
12256ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
12266ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
12276ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
12286ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=345936918DE59E26BE1BF613500ED5E48C26873F
12296ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
12306ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12316ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
12326ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
12336ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
12346ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
12356ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C5B3709F99BA1F5F78D42BD62B72E557388B5AE0
12366ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
12376ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12386ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
12396ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12406ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000949360:C:\Windows\system32 [calling]
12416ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\crypt32.dll'
12426ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xfd4d9b684e26d000 CN=Bitdefender Personal CA.Net-Defender, OU=IDS, O=Bitdefender, C=US
12436ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
12446ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
12456ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
12466ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12476ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
12486ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
12496ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
12506ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
12516ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
12526ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
12536ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
12546ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
12556ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
12566ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
12576ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
12586ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
12596ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
12606ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
12616ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
12626ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
12636ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
12646ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
12656ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
12666ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
12676ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
12686ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
12696ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
12706ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
12716ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
12726ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
12736ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
12746ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
12756ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
12766ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
12776ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
12786ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
12796ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
12806ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
12816ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
12826ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
12836ef8.42e4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
12846ef8.42e4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
12856ef8.42e4: SUPR3HardenedMain: Load Runtime...
12866ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12876ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12886ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12896ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12906ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12916ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12926ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12936ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12946ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12956ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12966ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12976ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12986ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
12996ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
13006ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
13016ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
13026ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13036ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13046ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
13056ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
13066ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
13076ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13086ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13096ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13106ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13116ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
13126ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13136ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13146ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13156ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
13166ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13176ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13186ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13196ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13206ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
13216ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
13226ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
13236ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
13246ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fee3cf0000 LB 0x00562000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 0000000054360000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 0000000054250000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feff440000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feffb00000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000884b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d25a0:C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\Wintrust.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d25a0:C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\crypt32.dll'
6ef8.42e4: SUPR3HardenedMain: Load TrustedMain...
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
15846ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
15856ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
15866ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
15876ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
15886ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15896ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15906ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15916ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15926ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
15936ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
15946ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15956ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15966ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15976ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15986ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15996ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16006ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16016ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16026ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16036ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16046ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16056ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16066ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16076ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16086ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16096ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
16106ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16116ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16126ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16136ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16146ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16156ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16166ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16176ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16186ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16196ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16206ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16216ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16226ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16236ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16246ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
16256ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16266ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
16276ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16286ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16296ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16306ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16316ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16326ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16336ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16346ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16356ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16366ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16376ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16386ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16396ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
16406ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
16416ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
16426ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
16436ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
16446ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16456ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16466ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
16476ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16486ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
16496ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
16506ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16516ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16526ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16536ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16546ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16556ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
16566ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16576ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16586ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16596ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16606ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16616ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16626ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16636ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16646ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16656ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16666ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16676ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
16686ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16696ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
16706ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
16716ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
16726ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
16736ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16746ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16756ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16766ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16776ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16786ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16796ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16806ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16816ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16826ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16836ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16846ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16856ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16866ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16876ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16886ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16896ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16906ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16916ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16926ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16936ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16946ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16956ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16966ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16976ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16986ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16996ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17006ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17016ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
17026ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17036ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17046ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17056ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17066ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17076ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17086ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17096ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17106ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17116ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17126ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
17136ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
17146ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
17156ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
17166ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
17176ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
17186ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
17196ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17206ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17216ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17226ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17236ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
17246ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
17256ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17266ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17276ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17286ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17296ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17306ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17316ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
17326ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17336ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17346ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17356ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17366ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17376ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17386ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17396ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17406ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17416ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17426ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
17436ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17446ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17456ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17466ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17476ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17486ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17496ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17506ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17516ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17526ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17536ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17546ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17556ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17566ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17576ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17586ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
17596ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
17606ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17616ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
17626ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
17636ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
17646ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17656ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17666ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17676ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17686ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17696ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
17706ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17716ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17726ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17736ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
17746ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
17756ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
17766ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
17776ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
17786ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17796ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
17806ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
17816ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
17826ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17836ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17846ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17856ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
17866ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
17876ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17886ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17896ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17906ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
17916ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
17926ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
17936ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
17946ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
17956ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
17966ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
17976ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17986ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17996ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
18006ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18016ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
18026ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18036ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18046ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18056ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18066ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18076ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18086ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18096ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18106ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18116ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18126ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18136ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
18146ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
18156ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
18166ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
18176ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
18186ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
18196ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
18206ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18216ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18226ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
18236ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
18246ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
18256ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18266ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18276ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18286ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18296ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18306ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18316ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18326ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18336ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18346ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18356ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18366ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18376ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18386ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18396ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
18406ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
18416ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
18426ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
18436ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18446ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18456ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18466ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18476ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
18486ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18496ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18506ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18516ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18526ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18536ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18546ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18556ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18566ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18576ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18586ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18596ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18606ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18616ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18626ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18636ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18646ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18656ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18666ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
18676ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
18686ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fee0580000 LB 0x00abe000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
18696ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
18706ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18716ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feebc20000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
18726ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18736ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
18746ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef44d0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
18756ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
18766ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18776ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feebd60000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
18786ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18796ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18806ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefa4d0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
18816ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18826ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feff170000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
18836ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
18846ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefdc90000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
18856ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18866ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feff350000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
18876ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18886ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefdd10000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
18896ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18906ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd9b0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
18916ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
18926ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18936ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef9fc0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
18946ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18956ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18966ef8.42e4: supR3HardenedDllNotificationCallback: load 0000000052460000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
18976ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18986ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18996ef8.42e4: supR3HardenedDllNotificationCallback: load 0000000064520000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
19006ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
19016ef8.42e4: supR3HardenedDllNotificationCallback: load 000007feff620000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
19026ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
19036ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
19046ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19056ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19066ef8.42e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
19076ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
19086ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef9410000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
19096ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
19106ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefe3e0000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
19116ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19126ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19136ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefc890000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
19146ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19156ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
19166ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef9090000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
19176ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
19186ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
19196ef8.42e4: supR3HardenedDllNotificationCallback: load 0000000050580000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
19206ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
19216ef8.42e4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
19226ef8.42e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
19236ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
19246ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19256ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19266ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19276ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19286ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19296ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19306ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f3ce0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19316ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\imm32.dll'
19326ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0580000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
19336ef8.42e4: SUPR3HardenedMain: Calling TrustedMain (000007fee05810d0)...
19346ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19356ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19366ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
19376ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19386ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
19396ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
19406ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
19416ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
19426ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19436ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19446ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19456ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
19466ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
19476ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19486ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19496ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19506ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19516ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19526ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19536ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19546ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002aa9170:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19556ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19566ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefa3c0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
19576ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19586ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19596ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19606ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002aa9170:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19616ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19626ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19636ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c86a0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19646ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19656ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19666ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c86a0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19676ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19686ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19696ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19706ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9fc0000 'C:\Windows\system32\dwmapi.dll'
19716ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
19726ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19736ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\CRYPTBASE.dll'
19746ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19756ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19766ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32\shell32.dll'
19776ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19786ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19796ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
19806ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19816ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19826ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19836ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19846ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19856ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19866ef8.42e4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
19876ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19886ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
19896ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\user32.dll'
19906ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19916ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19926ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\uxtheme.dll'
19936ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\user32.dll'
19946ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\advapi32.dll'
19956ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19966ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19976ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc70000 'C:\Windows\system32\userenv.dll'
19986ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19996ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20006ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32\kernel32.dll'
20016ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20026ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
20036ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
20046ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
20056ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
20066ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20076ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20086ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
20096ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20106ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20116ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20126ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
20136ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
20146ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20156ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20166ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20176ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20186ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20196ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20206ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20216ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20226ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20236ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20246ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20256ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20266ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20276ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20286ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20296ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20306ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20316ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20326ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefe2d0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
20336ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20346ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2d0000 'C:\Windows\system32\CLBCatQ.DLL'
20356ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
20366ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
20376ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f3e90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20386ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CRYPTSP.dll'
20396ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20406ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
20416ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
20426ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
20436ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
20446ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20456ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20466ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
20476ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20486ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f3e90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fefd8a0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8a0000 'C:\Windows\system32\RpcRtRemote.dll'
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
6ef8.6a78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
6ef8.6a78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.6a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
6ef8.6a78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
6ef8.6a78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000674 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.6a78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
6ef8.6a78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.6a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.6a78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009242f0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6a78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
6ef8.6a78: supR3HardenedDllNotificationCallback: load 000007fee20e0000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
6ef8.6a78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
6ef8.6a78: supR3HardenedDllNotificationCallback: load 0000000077d80000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
6ef8.6a78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
6ef8.6a78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
6ef8.6a78: supR3HardenedDllNotificationCallback: load 000007fefc860000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
6ef8.6a78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
6ef8.6a78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee20e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
6ef8.6a78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
6ef8.6a78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c86a0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6a78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\oleaut32.dll'
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000664 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
6ef8.6a78: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.6a78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
6ef8.6a78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
6ef8.6a78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6a78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
6ef8.6a78: supR3HardenedDllNotificationCallback: load 000007fefd800000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
6ef8.6a78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
6ef8.6a78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd800000 'C:\Windows\system32\SXS.DLL'
6ef8.6a78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f48b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\OLEAUT32.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005088aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe370000 'C:\Windows\system32\gdi32.dll'
6ef8.6dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6ef8.6dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
6ef8.6dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
6ef8.6dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000050855e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
6ef8.6dec: supR3HardenedDllNotificationCallback: load 000007fef9660000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
6ef8.6dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
6ef8.6dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9660000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\user32.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32\shell32.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\OLEAUT32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a90 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a7c pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030df0f0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef5010000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef53b0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5010000 'C:\Windows\system32\wbem\wbemprox.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030df0f0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef4c00000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4c00000 'C:\Windows\system32\wbem\wbemsvc.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa8 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030df0f0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef5090000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef5060000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5090000 'C:\Windows\system32\wbem\fastprox.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\OLEAUT32.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008f45e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9410000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
6ef8.6c98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6c98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
6ef8.6c98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6ef8.6c98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
6ef8.6c98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23216ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23226ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
23236ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
23246ef8.6c98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
23256ef8.6c98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23266ef8.6c98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
23276ef8.6c98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
23286ef8.6c98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
23296ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23306ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23316ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23326ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23336ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23346ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23356ef8.6c98: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23366ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23376ef8.6c98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23386ef8.6c98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23396ef8.6c98: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23406ef8.6c98: supR3HardenedDllNotificationCallback: load 000007fee3a50000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
23416ef8.6c98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23426ef8.6c98: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
23436ef8.6c98: supR3HardenedDllNotificationCallback: load 0000000052350000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
23446ef8.6c98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
23456ef8.6c98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3a50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
23466ef8.6d84: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
23476ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
23486ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
23496ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
23506ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
23516ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
23526ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
23536ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
23546ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
23556ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
23566ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
23576ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
23586ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
23596ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
23606ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
23616ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
23626ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
23636ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
23646ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
23656ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
23666ef8.6d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
23676ef8.6d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
23686ef8.6d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
23696ef8.6d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
23706ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b94 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
23716ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
23726ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
23736ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
23746ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
23756ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23766ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
23776ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23786ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
23796ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23806ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23816ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
23826ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
23836ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
23846ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
23856ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
23866ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23876ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23886ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b84 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23896ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
23906ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
23916ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
23926ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
23936ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23946ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23956ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
23966ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
23976ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
23986ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23996ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24006ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24016ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24026ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
24036ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24046ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24056ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24066ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24076ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24086ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24096ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24106ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24116ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24126ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24136ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24146ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24156ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
24166ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24176ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24186ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
24196ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
24206ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'kdcom.dll'.
24216ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'clfs.sys'.
24226ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ci.dll'.
24236ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe) WinVerifyTrust
24246ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24256ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24266ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24276ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24286ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
24296ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
24306ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24316ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
24326ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
24336ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys) WinVerifyTrust
24346ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
24356ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
24366ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
24376ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24386ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
24396ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
24406ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys) WinVerifyTrust
24416ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
24426ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24436ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24446ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24456ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24466ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24476ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24486ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
24496ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
24506ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
24516ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
24526ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
24536ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
24546ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
24556ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
24566ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24576ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
24586ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
24596ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll) WinVerifyTrust
24606ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
24616ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24626ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24636ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24646ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
24656ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
24666ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24676ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys) WinVerifyTrust
24686ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
24696ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
24706ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
24716ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
24726ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
24736ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
24746ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
24756ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
24766ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
24776ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24786ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll) WinVerifyTrust
24796ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
24806ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
24816ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume2\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
24826ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24836ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clfs.sys) WinVerifyTrust
24846ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clfs.sys
24856ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
24866ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
24876ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24886ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
24896ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll) WinVerifyTrust
24906ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
24916ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
24926ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
24936ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
24946ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
24956ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
24966ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
24976ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
24986ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL) WinVerifyTrust
24996ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
25006ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25016ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25026ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
25036ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
25046ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc0 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
25056ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
25066ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
25076ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
25086ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
25096ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25106ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25116ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25126ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25136ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
25146ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25156ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25166ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25176ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25186ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25196ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25206ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25216ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25226ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25236ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25246ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25256ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25266ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25276ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
25286ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
25296ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
25306ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25316ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25326ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
25336ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
25346ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
25356ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
25366ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25376ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25386ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
25396ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25406ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25416ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
25426ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25436ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25446ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25456ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25466ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
25476ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
25486ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
25496ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
25506ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
25516ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll
25526ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
25536ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
25546ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c90f0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fef4ee0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fefc9b0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fefc9a0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4ee0000 'C:\Windows\system32\netcfgx.dll'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff170000 'C:\Windows\system32\SETUPAPI.dll'
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.6d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
6ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b88 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.6d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\WINTRUST.dll'
6ef8.6bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
6ef8.6bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6ef8.6bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6ef8.6bf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
6ef8.6bf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
6ef8.6bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.6bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.6bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
6ef8.6bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
6ef8.6bf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6ef8.6bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6bf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6bf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
6ef8.6bf4: supR3HardenedDllNotificationCallback: load 000007fef9680000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
6ef8.6bf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
6ef8.6bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9680000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
6ef8.6fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6ef8.6fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6ef8.6fc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
6ef8.6fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
6ef8.6fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6ef8.6fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6ef8.6fc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
6ef8.6fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6fc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6fc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
6ef8.6fc8: supR3HardenedDllNotificationCallback: load 000007fef4890000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
6ef8.6fc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
6ef8.6fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4890000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
6ef8.6b14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6b14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6ef8.6b14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6ef8.6b14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
6ef8.6b14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
6ef8.6b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6ef8.6b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6ef8.6b14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
6ef8.6b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6b14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f4790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6b14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
6ef8.6b14: supR3HardenedDllNotificationCallback: load 000007fef4900000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
6ef8.6b14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
6ef8.6b14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4900000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
6ef8.6a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6ef8.6a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6ef8.6a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
6ef8.6a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
6ef8.6a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6ef8.6a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6ef8.6a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
6ef8.6a64: supR3HardenedDllNotificationCallback: load 000007fef4880000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
6ef8.6a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
6ef8.6a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4880000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32/Shell32.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd960000 'C:\Windows\system32\profapi.dll'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3a50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
6ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
6ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feedf20000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf20000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
6ef8.6d84: supR3HardenedDllNotificationCallback: Unload 000007feedf20000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
6ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
6ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
6ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
6ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
6ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d40 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
6ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
6ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
6ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fee1210000 LB 0x008e5000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feed6a0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feeb820000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feedf90000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1210000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feeaea0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeaea0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee20e0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf90000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
28236ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28246ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28256ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28266ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28276ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28286ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28296ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28306ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feedf70000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
28316ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28326ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf70000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
28336ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28346ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28356ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
28366ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28376ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28386ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28396ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28406ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28416ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28426ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28436ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feedf40000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
28446ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28456ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf40000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
28466ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28476ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28486ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
28496ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28506ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28516ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28526ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28536ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28546ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28556ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28566ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feedf20000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
28576ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28586ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf20000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
28596ef8.6e2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28606ef8.6e2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28616ef8.6e2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28626ef8.6e2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
28636ef8.6e2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28646ef8.6e2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28656ef8.6e2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28666ef8.6e2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28676ef8.6e2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28686ef8.6e2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28696ef8.6e2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28706ef8.6e2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28716ef8.6e2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28726ef8.6e2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28736ef8.6e2c: supR3HardenedDllNotificationCallback: load 000007fef4840000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
28746ef8.6e2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28756ef8.6e2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4840000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
28766ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28776ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28786ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28796ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
28806ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
28816ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
28826ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28836ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28846ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28856ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28866ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28876ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28886ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28896ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28906ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28916ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28926ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28936ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28946ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28956ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feea8e0000 LB 0x000c4000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
28966ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28976ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea8e0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
28986ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e2c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
28996ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
29006ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
29016ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
29026ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
29036ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29046ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29056ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
29066ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29076ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29086ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
29096ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
29106ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
29116ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
29126ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
29136ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
29146ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
29156ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
29166ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
29176ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
29186ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
29196ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29206ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29216ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29226ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
29236ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
29246ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
29256ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29266ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29276ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29286ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29296ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29306ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
29316ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29326ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29336ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29346ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29356ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29366ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29376ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29386ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29396ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29406ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29416ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29426ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29436ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29446ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084c50:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29456ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29466ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feec250000 LB 0x00088000 C:\Windows\system32\dsound.dll [fFlags=0x0]
29476ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29486ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
29496ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fefb0f0000 LB 0x0002c000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0]
29506ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
29516ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29526ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29536ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec250000 'C:\Windows\system32\dsound.dll'
29546ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec250000 'C:\Windows\system32/dsound.dll'
29556ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e54 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29566ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
29576ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
29586ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
29596ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
29606ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29616ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29626ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29636ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29646ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
29656ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
29666ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29676ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
29686ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
29696ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e38 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
29706ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
29716ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
29726ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
29736ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
29746ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29756ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29766ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
29776ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
29786ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29796ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29806ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
29816ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
29826ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29836ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29846ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29856ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29866ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29876ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29886ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29896ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29906ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29916ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29926ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29936ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29946ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29956ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29966ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29976ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29986ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9720:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29996ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30006ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fefa630000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
30016ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30026ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
30036ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fefa500000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
30046ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
30056ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0e0000 'C:\Windows\system32\ADVAPI32.dll'
30066ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa630000 'C:\Windows\System32\MMDevApi.dll'
30076ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
30086ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
30096ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084bc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30106ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff170000 'C:\Windows\system32\SETUPAPI.dll'
30116ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
30126ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30136ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffe40000 'C:\Windows\system32\SHLWAPI.dll'
30146ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30156ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30166ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa630000 'C:\Windows\system32\MMDEVAPI.DLL'
30176ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
30186ef8.1b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
30196ef8.1b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30206ef8.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\CFGMGR32.dll'
30216ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30226ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30236ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
30246ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30256ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
30266ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30276ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf20000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
30286ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\RPCRT4.dll'
30296ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30306ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30316ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa630000 'C:\Windows\system32\MMDevAPI.DLL'
30326ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e78 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30336ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
30346ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
30356ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
30366ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
30376ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30386ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30396ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
30406ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
30416ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30426ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
30436ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
30446ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
30456ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
30466ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
30476ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30486ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
30496ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
30506ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e7c pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
30516ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
30526ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
30536ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
30546ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
30556ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30566ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
30576ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
30586ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30596ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30606ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30616ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
30626ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
30636ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e98 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
30646ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
30656ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
30666ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
30676ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
30686ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30696ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30706ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
30716ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30726ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30736ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30746ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30756ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30766ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30776ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30786ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30796ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30806ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30816ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30826ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30836ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30846ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30856ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30866ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30876ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feead80000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
30886ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30896ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30906ef8.6d84: supR3HardenedDllNotificationCallback: load 00000000741c0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
30916ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30926ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30936ef8.6d84: supR3HardenedDllNotificationCallback: load 000007fefa4f0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
30946ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30956ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
30966ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30976ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
30986ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
30996ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31006ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31016ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31026ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31036ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31046ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31056ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31066ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31076ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31086ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eac pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31096ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
31106ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
31116ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
31126ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
31136ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31146ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31156ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31166ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
31176ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
31186ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
31196ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
31206ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
31216ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
31226ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31236ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31246ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31256ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31266ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31276ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31286ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31296ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31306ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31316ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31326ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
31336ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31346ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31356ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31366ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31376ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31386ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31396ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31406ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31416ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feec160000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
31426ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31436ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec160000 'C:\Windows\system32\AUDIOSES.DLL'
31446ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31456ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005084aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31466ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31476ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31486ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000050858b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31496ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31506ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31516ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31526ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31536ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31546ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31556ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31566ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feead80000 'C:\Windows\system32\wdmaud.drv'
31576ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
31586ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
31596ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
31606ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
31616ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
31626ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31636ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31646ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
31656ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
31666ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
31676ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
31686ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
31696ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31706ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31716ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31726ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31736ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
31746ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
31756ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ecc pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
31766ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
31776ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
31786ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
31796ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
31806ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31816ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31826ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31836ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
31846ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
31856ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
31866ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
31876ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31886ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31896ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31906ef8.6d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31916ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31926ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31936ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31946ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31956ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31966ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31976ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31986ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31996ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32006ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32016ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32026ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32036ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32046ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32056ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32066ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32076ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feee2c0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
32086ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32096ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
32106ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feed5e0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
32116ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
32126ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32136ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32146ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32156ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32166ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32176ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32186ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32196ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32206ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32216ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32226ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32236ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32246ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32256ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32266ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32276ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32286ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32296ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32306ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32316ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32326ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32336ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee2c0000 'C:\Windows\system32\msacm32.drv'
32346ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed0 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
32356ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
32366ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
32376ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
32386ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
32396ef8.6d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32406ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32416ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
32426ef8.6d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
32436ef8.6d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
32446ef8.6d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
32456ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32466ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32476ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32486ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32496ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32506ef8.6d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32516ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32526ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32536ef8.6d84: supR3HardenedDllNotificationCallback: load 000007feedf60000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
32546ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32556ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf60000 'C:\Windows\system32\midimap.dll'
32566ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32576ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32586ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf60000 'C:\Windows\system32\midimap.dll'
32596ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32606ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32616ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf60000 'C:\Windows\system32\midimap.dll'
32626ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32636ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32646ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedf60000 'C:\Windows\system32\midimap.dll'
32656ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32666ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32676ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
32686ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd10000 'C:\Windows\system32\ole32.dll'
32696ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005085670:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9e00:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec250000 'C:\Windows\System32\dsound.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
6ef8.65a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
6ef8.65a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000030c9ca0:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.65a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec160000 'C:\Windows\System32\audioses.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\winmm.dll'
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3a50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
6ef8.6d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f38f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.6d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
6ef8.6d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a90000 'C:\Windows\system32/kernel32.dll'
6ef8.6c98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff350000 'C:\Windows\system32\OLEAUT32.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\user32.dll'
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\WINMM.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b04 pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77B48D4C63C7308FE42B2B7DF054999F6CE86C20
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f44c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef8ff0000 LB 0x0009c000 C:\Windows\system32\mscms.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ff0000 'C:\Windows\system32\mscms.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001064 pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002aa7620
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A467A1C0C873D06FC9374DE3DAC05A8C3CE89002
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll'
6ef8.42e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
6ef8.42e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6ef8.42e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll) WinVerifyTrust
6ef8.42e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6ef8.42e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008f44c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
6ef8.42e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
6ef8.42e4: supR3HardenedDllNotificationCallback: load 000007fef4520000 LB 0x00042000 C:\Windows\system32\icm32.dll [fFlags=0x0]
6ef8.42e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
6ef8.42e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4520000 'C:\Windows\system32\icm32.dll'
