VirtualBox

Ticket #15182: VBoxHardening.log

File VBoxHardening.log, 399.2 KB (added by JamesJohnston, 9 years ago)
Line 
1a820.9c40: Log file opened: 5.0.15r105747 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2a820.9c40: \SystemRoot\System32\ntdll.dll:
3a820.9c40: CreationTime: 2016-01-17T21:35:46.838007700Z
4a820.9c40: LastWriteTime: 2015-12-30T19:05:33.659216000Z
5a820.9c40: ChangeTime: 2016-01-17T23:16:48.417639200Z
6a820.9c40: FileAttributes: 0x20
7a820.9c40: Size: 0x1a67c0
8a820.9c40: NT Headers: 0xe0
9a820.9c40: Timestamp: 0x568429e5
10a820.9c40: Machine: 0x8664 - amd64
11a820.9c40: Timestamp: 0x568429e5
12a820.9c40: Image Version: 6.1
13a820.9c40: SizeOfImage: 0x1a9000 (1740800)
14a820.9c40: Resource Dir: 0x14d000 LB 0x5a028
15a820.9c40: ProductName: Microsoft® Windows® Operating System
16a820.9c40: ProductVersion: 6.1.7601.19110
17a820.9c40: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
18a820.9c40: FileDescription: NT Layer DLL
19a820.9c40: \SystemRoot\System32\kernel32.dll:
20a820.9c40: CreationTime: 2016-01-17T21:35:47.624039900Z
21a820.9c40: LastWriteTime: 2015-12-30T18:57:55.730000000Z
22a820.9c40: ChangeTime: 2016-01-17T23:16:48.636039600Z
23a820.9c40: FileAttributes: 0x20
24a820.9c40: Size: 0x11c000
25a820.9c40: NT Headers: 0xe8
26a820.9c40: Timestamp: 0x568429dc
27a820.9c40: Machine: 0x8664 - amd64
28a820.9c40: Timestamp: 0x568429dc
29a820.9c40: Image Version: 6.1
30a820.9c40: SizeOfImage: 0x11f000 (1175552)
31a820.9c40: Resource Dir: 0x116000 LB 0x528
32a820.9c40: ProductName: Microsoft® Windows® Operating System
33a820.9c40: ProductVersion: 6.1.7601.19110
34a820.9c40: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
35a820.9c40: FileDescription: Windows NT BASE API Client DLL
36a820.9c40: \SystemRoot\System32\KernelBase.dll:
37a820.9c40: CreationTime: 2016-01-17T21:35:45.766972700Z
38a820.9c40: LastWriteTime: 2015-12-30T18:57:55.761000000Z
39a820.9c40: ChangeTime: 2016-01-17T23:16:48.636039600Z
40a820.9c40: FileAttributes: 0x20
41a820.9c40: Size: 0x67a00
42a820.9c40: NT Headers: 0xe8
43a820.9c40: Timestamp: 0x568429dd
44a820.9c40: Machine: 0x8664 - amd64
45a820.9c40: Timestamp: 0x568429dd
46a820.9c40: Image Version: 6.1
47a820.9c40: SizeOfImage: 0x6c000 (442368)
48a820.9c40: Resource Dir: 0x6a000 LB 0x530
49a820.9c40: ProductName: Microsoft® Windows® Operating System
50a820.9c40: ProductVersion: 6.1.7601.19110
51a820.9c40: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
52a820.9c40: FileDescription: Windows NT BASE API Client DLL
53a820.9c40: \SystemRoot\System32\apisetschema.dll:
54a820.9c40: CreationTime: 2016-01-17T21:35:45.077966800Z
55a820.9c40: LastWriteTime: 2015-12-30T18:54:58.839000000Z
56a820.9c40: ChangeTime: 2016-01-17T23:16:48.386439200Z
57a820.9c40: FileAttributes: 0x20
58a820.9c40: Size: 0x1a00
59a820.9c40: NT Headers: 0xc0
60a820.9c40: Timestamp: 0x568428c9
61a820.9c40: Machine: 0x8664 - amd64
62a820.9c40: Timestamp: 0x568428c9
63a820.9c40: Image Version: 6.1
64a820.9c40: SizeOfImage: 0x50000 (327680)
65a820.9c40: Resource Dir: 0x30000 LB 0x3f8
66a820.9c40: ProductName: Microsoft® Windows® Operating System
67a820.9c40: ProductVersion: 6.1.7601.19110
68a820.9c40: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
69a820.9c40: FileDescription: ApiSet Schema DLL
70a820.9c40: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71a820.9c40: supR3HardenedWinFindAdversaries: 0x400
72a820.9c40: \SystemRoot\System32\drivers\MpFilter.sys:
73a820.9c40: CreationTime: 2015-03-04T19:34:52.000000000Z
74a820.9c40: LastWriteTime: 2015-03-04T19:34:52.000000000Z
75a820.9c40: ChangeTime: 2015-07-25T15:39:46.208932100Z
76a820.9c40: FileAttributes: 0x20
77a820.9c40: Size: 0x44738
78a820.9c40: NT Headers: 0xf0
79a820.9c40: Timestamp: 0x54efb880
80a820.9c40: Machine: 0x8664 - amd64
81a820.9c40: Timestamp: 0x54efb880
82a820.9c40: Image Version: 6.3
83a820.9c40: SizeOfImage: 0x44000 (278528)
84a820.9c40: Resource Dir: 0x42000 LB 0xd50
85a820.9c40: ProductName: Microsoft Malware Protection
86a820.9c40: ProductVersion: 4.8.0200.0
87a820.9c40: FileVersion: 4.8.0200.0
88a820.9c40: FileDescription: Microsoft antimalware file system filter driver
89a820.9c40: \SystemRoot\System32\drivers\NisDrvWFP.sys:
90a820.9c40: CreationTime: 2011-04-27T15:25:24.000000000Z
91a820.9c40: LastWriteTime: 2015-03-04T19:34:52.000000000Z
92a820.9c40: ChangeTime: 2015-07-25T15:39:46.078931900Z
93a820.9c40: FileAttributes: 0x20
94a820.9c40: Size: 0x1e698
95a820.9c40: NT Headers: 0xf0
96a820.9c40: Timestamp: 0x54efb8af
97a820.9c40: Machine: 0x8664 - amd64
98a820.9c40: Timestamp: 0x54efb8af
99a820.9c40: Image Version: 6.3
100a820.9c40: SizeOfImage: 0x1f000 (126976)
101a820.9c40: Resource Dir: 0x1c000 LB 0x1b90
102a820.9c40: ProductName: Microsoft Malware Protection
103a820.9c40: ProductVersion: 4.8.0200.0
104a820.9c40: FileVersion: 4.8.0200.0
105a820.9c40: FileDescription: Microsoft Network Realtime Inspection Driver
106a820.9c40: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
107a820.9c40: Calling main()
108a820.9c40: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
109a820.9c40: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
110a820.9c40: SUPR3HardenedMain: Respawn #1
111a820.9c40: System32: \Device\HarddiskVolume2\Windows\System32
112a820.9c40: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
113a820.9c40: KnownDllPath: C:\windows\system32
114a820.9c40: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
115a820.9c40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
116a820.9c40: supR3HardNtEnableThreadCreation:
117a820.9c40: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a8b630 pvNtTerminateThread=0000000077aadee0
118a820.9c40: supR3HardenedWinDoReSpawn(1): New child a4b0.a810 [kernel32].
119a820.9c40: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
120a820.9c40: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077a60000 uNtDllChildAddr=0000000077a60000
121a820.9c40: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077a8b630
122a820.9c40: supR3HardenedWinSetupChildInit: Start child.
123a820.9c40: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
124a820.9c40: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 60 sleeps
125a820.9c40: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
126a820.9c40: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
127a820.9c40: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
128a820.9c40: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
129a820.9c40: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
130a820.9c40: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
131a820.9c40: 0000000000041000-fffffffffff71fff 0x0001/0x0000 0x0000000
132a820.9c40: *0000000000110000-0000000000013fff 0x0000/0x0004 0x0020000
133a820.9c40: 000000000020c000-0000000000208fff 0x0104/0x0004 0x0020000
134a820.9c40: 000000000020f000-000000000020dfff 0x0004/0x0004 0x0020000
135a820.9c40: 0000000000210000-ffffffff889bffff 0x0001/0x0000 0x0000000
136a820.9c40: *0000000077a60000-0000000077a60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
137a820.9c40: 0000000077a61000-0000000077b5efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138a820.9c40: 0000000077b5f000-0000000077b8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
139a820.9c40: 0000000077b8e000-0000000077b95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
140a820.9c40: 0000000077b96000-0000000077b96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
141a820.9c40: 0000000077b97000-0000000077b99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
142a820.9c40: 0000000077b9a000-0000000077c08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
143a820.9c40: 0000000077c09000-0000000070831fff 0x0001/0x0000 0x0000000
144a820.9c40: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
145a820.9c40: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
146a820.9c40: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
147a820.9c40: 000000007fff0000-ffffffffc0edffff 0x0001/0x0000 0x0000000
148a820.9c40: *000000013f100000-000000013f100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
149a820.9c40: 000000013f101000-000000013f187fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
150a820.9c40: 000000013f188000-000000013f188fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
151a820.9c40: 000000013f189000-000000013f1d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
152a820.9c40: 000000013f1d4000-000000013f1d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
153a820.9c40: 000000013f1d5000-000000013f1d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
154a820.9c40: 000000013f1d6000-000000013f1dafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
155a820.9c40: 000000013f1db000-000000013f1dbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
156a820.9c40: 000000013f1dc000-000000013f1dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
157a820.9c40: 000000013f1dd000-000000013f1e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
158a820.9c40: 000000013f1e1000-000000013f22bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
159a820.9c40: 000000013f22c000-fffff8037e6d7fff 0x0001/0x0000 0x0000000
160a820.9c40: *000007feffd80000-000007feffd80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
161a820.9c40: 000007feffd81000-000007fdffb51fff 0x0001/0x0000 0x0000000
162a820.9c40: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
163a820.9c40: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
164a820.9c40: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
165a820.9c40: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
166a820.9c40: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
167a820.9c40: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
168a820.9c40: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
169a820.9c40: VirtualBox.exe: timestamp 0x56d065f7 (rc=VINF_SUCCESS)
170a820.9c40: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
171a820.9c40: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
172a820.9c40: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
173a820.9c40: supR3HardNtChildPurify: Done after 614 ms and 0 fixes (loop #0).
174a820.9c40: supR3HardNtEnableThreadCreation:
175a4b0.a810: Log file opened: 5.0.15r105747 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
176a4b0.a810: supR3HardenedVmProcessInit: uNtDllAddr=0000000077a60000 g_uNtVerCombined=0x611db100
177a4b0.a810: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
178a4b0.a810: New simple heap: #1 0000000000310000 LB 0x400000 (for 1740800 allocation)
179a4b0.a810: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
180a4b0.a810: System32: \Device\HarddiskVolume2\Windows\System32
181a4b0.a810: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
182a4b0.a810: KnownDllPath: C:\windows\system32
183a4b0.a810: supR3HardenedVmProcessInit: Opening vboxdrv stub...
184a4b0.a810: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
185a4b0.a810: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
186a4b0.a810: Registered Dll notification callback with NTDLL.
187a4b0.a810: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
188a4b0.a810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
189a4b0.a810: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
190a4b0.a810: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
191a4b0.a810: supR3HardenedDllNotificationCallback: load 0000000077940000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
192a4b0.a810: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
193a4b0.a810: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x0006c000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
194a4b0.a810: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
195a4b0.a810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
196a4b0.a810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077940000 'C:\windows\system32\kernel32.dll'
197a4b0.a810: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a8b630 pvNtTerminateThread=0000000077aadee0
198a820.9c40: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 84 ms.
199a4b0.a810: \SystemRoot\System32\ntdll.dll:
200a4b0.a810: CreationTime: 2016-01-17T21:35:46.838007700Z
201a4b0.a810: LastWriteTime: 2015-12-30T19:05:33.659216000Z
202a4b0.a810: ChangeTime: 2016-01-17T23:16:48.417639200Z
203a4b0.a810: FileAttributes: 0x20
204a4b0.a810: Size: 0x1a67c0
205a4b0.a810: NT Headers: 0xe0
206a4b0.a810: Timestamp: 0x568429e5
207a4b0.a810: Machine: 0x8664 - amd64
208a4b0.a810: Timestamp: 0x568429e5
209a4b0.a810: Image Version: 6.1
210a4b0.a810: SizeOfImage: 0x1a9000 (1740800)
211a4b0.a810: Resource Dir: 0x14d000 LB 0x5a028
212a4b0.a810: ProductName: Microsoft® Windows® Operating System
213a4b0.a810: ProductVersion: 6.1.7601.19110
214a4b0.a810: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
215a4b0.a810: FileDescription: NT Layer DLL
216a4b0.a810: \SystemRoot\System32\kernel32.dll:
217a4b0.a810: CreationTime: 2016-01-17T21:35:47.624039900Z
218a4b0.a810: LastWriteTime: 2015-12-30T18:57:55.730000000Z
219a4b0.a810: ChangeTime: 2016-01-17T23:16:48.636039600Z
220a4b0.a810: FileAttributes: 0x20
221a4b0.a810: Size: 0x11c000
222a4b0.a810: NT Headers: 0xe8
223a4b0.a810: Timestamp: 0x568429dc
224a4b0.a810: Machine: 0x8664 - amd64
225a4b0.a810: Timestamp: 0x568429dc
226a4b0.a810: Image Version: 6.1
227a4b0.a810: SizeOfImage: 0x11f000 (1175552)
228a4b0.a810: Resource Dir: 0x116000 LB 0x528
229a4b0.a810: ProductName: Microsoft® Windows® Operating System
230a4b0.a810: ProductVersion: 6.1.7601.19110
231a4b0.a810: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
232a4b0.a810: FileDescription: Windows NT BASE API Client DLL
233a4b0.a810: \SystemRoot\System32\KernelBase.dll:
234a4b0.a810: CreationTime: 2016-01-17T21:35:45.766972700Z
235a4b0.a810: LastWriteTime: 2015-12-30T18:57:55.761000000Z
236a4b0.a810: ChangeTime: 2016-01-17T23:16:48.636039600Z
237a4b0.a810: FileAttributes: 0x20
238a4b0.a810: Size: 0x67a00
239a4b0.a810: NT Headers: 0xe8
240a4b0.a810: Timestamp: 0x568429dd
241a4b0.a810: Machine: 0x8664 - amd64
242a4b0.a810: Timestamp: 0x568429dd
243a4b0.a810: Image Version: 6.1
244a4b0.a810: SizeOfImage: 0x6c000 (442368)
245a4b0.a810: Resource Dir: 0x6a000 LB 0x530
246a4b0.a810: ProductName: Microsoft® Windows® Operating System
247a4b0.a810: ProductVersion: 6.1.7601.19110
248a4b0.a810: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
249a4b0.a810: FileDescription: Windows NT BASE API Client DLL
250a4b0.a810: \SystemRoot\System32\apisetschema.dll:
251a4b0.a810: CreationTime: 2016-01-17T21:35:45.077966800Z
252a4b0.a810: LastWriteTime: 2015-12-30T18:54:58.839000000Z
253a4b0.a810: ChangeTime: 2016-01-17T23:16:48.386439200Z
254a4b0.a810: FileAttributes: 0x20
255a4b0.a810: Size: 0x1a00
256a4b0.a810: NT Headers: 0xc0
257a4b0.a810: Timestamp: 0x568428c9
258a4b0.a810: Machine: 0x8664 - amd64
259a4b0.a810: Timestamp: 0x568428c9
260a4b0.a810: Image Version: 6.1
261a4b0.a810: SizeOfImage: 0x50000 (327680)
262a4b0.a810: Resource Dir: 0x30000 LB 0x3f8
263a4b0.a810: ProductName: Microsoft® Windows® Operating System
264a4b0.a810: ProductVersion: 6.1.7601.19110
265a4b0.a810: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
266a4b0.a810: FileDescription: ApiSet Schema DLL
267a4b0.a810: NtOpenDirectoryObject failed on \Driver: 0xc0000022
268a4b0.a810: supR3HardenedWinFindAdversaries: 0x400
269a4b0.a810: \SystemRoot\System32\drivers\MpFilter.sys:
270a4b0.a810: CreationTime: 2015-03-04T19:34:52.000000000Z
271a4b0.a810: LastWriteTime: 2015-03-04T19:34:52.000000000Z
272a4b0.a810: ChangeTime: 2015-07-25T15:39:46.208932100Z
273a4b0.a810: FileAttributes: 0x20
274a4b0.a810: Size: 0x44738
275a4b0.a810: NT Headers: 0xf0
276a4b0.a810: Timestamp: 0x54efb880
277a4b0.a810: Machine: 0x8664 - amd64
278a4b0.a810: Timestamp: 0x54efb880
279a4b0.a810: Image Version: 6.3
280a4b0.a810: SizeOfImage: 0x44000 (278528)
281a4b0.a810: Resource Dir: 0x42000 LB 0xd50
282a4b0.a810: ProductName: Microsoft Malware Protection
283a4b0.a810: ProductVersion: 4.8.0200.0
284a4b0.a810: FileVersion: 4.8.0200.0
285a4b0.a810: FileDescription: Microsoft antimalware file system filter driver
286a4b0.a810: \SystemRoot\System32\drivers\NisDrvWFP.sys:
287a4b0.a810: CreationTime: 2011-04-27T15:25:24.000000000Z
288a4b0.a810: LastWriteTime: 2015-03-04T19:34:52.000000000Z
289a4b0.a810: ChangeTime: 2015-07-25T15:39:46.078931900Z
290a4b0.a810: FileAttributes: 0x20
291a4b0.a810: Size: 0x1e698
292a4b0.a810: NT Headers: 0xf0
293a4b0.a810: Timestamp: 0x54efb8af
294a4b0.a810: Machine: 0x8664 - amd64
295a4b0.a810: Timestamp: 0x54efb8af
296a4b0.a810: Image Version: 6.3
297a4b0.a810: SizeOfImage: 0x1f000 (126976)
298a4b0.a810: Resource Dir: 0x1c000 LB 0x1b90
299a4b0.a810: ProductName: Microsoft Malware Protection
300a4b0.a810: ProductVersion: 4.8.0200.0
301a4b0.a810: FileVersion: 4.8.0200.0
302a4b0.a810: FileDescription: Microsoft Network Realtime Inspection Driver
303a4b0.a810: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
304a4b0.a810: Calling main()
305a4b0.a810: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
306a4b0.a810: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
307a4b0.a810: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
308a4b0.a810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
309a4b0.a810: SUPR3HardenedMain: Respawn #2
310a4b0.a810: supR3HardNtEnableThreadCreation:
311a4b0.a810: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
312a4b0.a810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
313a4b0.a810: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
314a4b0.a810: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
315a4b0.a810: supR3HardenedDllNotificationCallback: load 000007fefd640000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
316a4b0.a810: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
317a4b0.a810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd640000 'C:\windows\system32\apphelp.dll'
318a4b0.a810: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a8b630 pvNtTerminateThread=0000000077aadee0
319a4b0.a810: supR3HardenedWinDoReSpawn(2): New child 9b84.9c60 [kernel32].
320a4b0.a810: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380
321a4b0.a810: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077a60000 uNtDllChildAddr=0000000077a60000
322a4b0.a810: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077a8b630
323a4b0.a810: supR3HardenedWinSetupChildInit: Start child.
324a4b0.a810: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
325a4b0.a810: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps
326a4b0.a810: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
327a4b0.a810: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
328a4b0.a810: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
329a4b0.a810: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
330a4b0.a810: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
331a4b0.a810: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
332a4b0.a810: 0000000000041000-fffffffffff01fff 0x0001/0x0000 0x0000000
333a4b0.a810: *0000000000180000-0000000000083fff 0x0000/0x0004 0x0020000
334a4b0.a810: 000000000027c000-0000000000278fff 0x0104/0x0004 0x0020000
335a4b0.a810: 000000000027f000-000000000027dfff 0x0004/0x0004 0x0020000
336a4b0.a810: 0000000000280000-ffffffff88a9ffff 0x0001/0x0000 0x0000000
337a4b0.a810: *0000000077a60000-0000000077a60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
338a4b0.a810: 0000000077a61000-0000000077b5efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
339a4b0.a810: 0000000077b5f000-0000000077b8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
340a4b0.a810: 0000000077b8e000-0000000077b95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
341a4b0.a810: 0000000077b96000-0000000077b96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
342a4b0.a810: 0000000077b97000-0000000077b99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
343a4b0.a810: 0000000077b9a000-0000000077c08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
344a4b0.a810: 0000000077c09000-0000000070831fff 0x0001/0x0000 0x0000000
345a4b0.a810: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
346a4b0.a810: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
347a4b0.a810: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
348a4b0.a810: 000000007fff0000-ffffffffc0edffff 0x0001/0x0000 0x0000000
349a4b0.a810: *000000013f100000-000000013f100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
350a4b0.a810: 000000013f101000-000000013f187fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
351a4b0.a810: 000000013f188000-000000013f188fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
352a4b0.a810: 000000013f189000-000000013f1d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
353a4b0.a810: 000000013f1d4000-000000013f1d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
354a4b0.a810: 000000013f1d5000-000000013f1d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
355a4b0.a810: 000000013f1d6000-000000013f1dafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
356a4b0.a810: 000000013f1db000-000000013f1dbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
357a4b0.a810: 000000013f1dc000-000000013f1dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
358a4b0.a810: 000000013f1dd000-000000013f1e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
359a4b0.a810: 000000013f1e1000-000000013f22bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
360a4b0.a810: 000000013f22c000-fffff8037e6d7fff 0x0001/0x0000 0x0000000
361a4b0.a810: *000007feffd80000-000007feffd80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
362a4b0.a810: 000007feffd81000-000007fdffb51fff 0x0001/0x0000 0x0000000
363a4b0.a810: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
364a4b0.a810: 000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
365a4b0.a810: *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
366a4b0.a810: 000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
367a4b0.a810: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
368a4b0.a810: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
369a4b0.a810: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
370a4b0.a810: VirtualBox.exe: timestamp 0x56d065f7 (rc=VINF_SUCCESS)
371a4b0.a810: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
372a4b0.a810: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
373a4b0.a810: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
374a4b0.a810: supR3HardNtChildPurify: Done after 596 ms and 0 fixes (loop #0).
3759b84.9c60: Log file opened: 5.0.15r105747 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3769b84.9c60: supR3HardenedVmProcessInit: uNtDllAddr=0000000077a60000 g_uNtVerCombined=0x611db100
3779b84.9c60: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
3789b84.9c60: New simple heap: #1 0000000000280000 LB 0x400000 (for 1740800 allocation)
379a4b0.a810: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
380a4b0.a810: supR3HardNtEnableThreadCreation:
3819b84.9c60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3829b84.9c60: System32: \Device\HarddiskVolume2\Windows\System32
3839b84.9c60: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3849b84.9c60: KnownDllPath: C:\windows\system32
3859b84.9c60: supR3HardenedVmProcessInit: Opening vboxdrv...
3869b84.9c60: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3879b84.9c60: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3889b84.9c60: Registered Dll notification callback with NTDLL.
3899b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3909b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3919b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3929b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3939b84.9c60: supR3HardenedDllNotificationCallback: load 0000000077940000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
3949b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3959b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x0006c000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
3969b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3979b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3989b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077940000 'C:\windows\system32\kernel32.dll'
3999b84.9c60: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a8b630 pvNtTerminateThread=0000000077aadee0
4009b84.9c60: \SystemRoot\System32\ntdll.dll:
4019b84.9c60: CreationTime: 2016-01-17T21:35:46.838007700Z
4029b84.9c60: LastWriteTime: 2015-12-30T19:05:33.659216000Z
4039b84.9c60: ChangeTime: 2016-01-17T23:16:48.417639200Z
4049b84.9c60: FileAttributes: 0x20
4059b84.9c60: Size: 0x1a67c0
4069b84.9c60: NT Headers: 0xe0
4079b84.9c60: Timestamp: 0x568429e5
4089b84.9c60: Machine: 0x8664 - amd64
4099b84.9c60: Timestamp: 0x568429e5
4109b84.9c60: Image Version: 6.1
4119b84.9c60: SizeOfImage: 0x1a9000 (1740800)
4129b84.9c60: Resource Dir: 0x14d000 LB 0x5a028
4139b84.9c60: ProductName: Microsoft® Windows® Operating System
4149b84.9c60: ProductVersion: 6.1.7601.19110
4159b84.9c60: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
4169b84.9c60: FileDescription: NT Layer DLL
4179b84.9c60: \SystemRoot\System32\kernel32.dll:
4189b84.9c60: CreationTime: 2016-01-17T21:35:47.624039900Z
4199b84.9c60: LastWriteTime: 2015-12-30T18:57:55.730000000Z
4209b84.9c60: ChangeTime: 2016-01-17T23:16:48.636039600Z
4219b84.9c60: FileAttributes: 0x20
4229b84.9c60: Size: 0x11c000
4239b84.9c60: NT Headers: 0xe8
4249b84.9c60: Timestamp: 0x568429dc
4259b84.9c60: Machine: 0x8664 - amd64
4269b84.9c60: Timestamp: 0x568429dc
427a4b0.a810: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 85 ms.
4289b84.9c60: Image Version: 6.1
4299b84.9c60: SizeOfImage: 0x11f000 (1175552)
4309b84.9c60: Resource Dir: 0x116000 LB 0x528
4319b84.9c60: ProductName: Microsoft® Windows® Operating System
4329b84.9c60: ProductVersion: 6.1.7601.19110
4339b84.9c60: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
4349b84.9c60: FileDescription: Windows NT BASE API Client DLL
4359b84.9c60: \SystemRoot\System32\KernelBase.dll:
4369b84.9c60: CreationTime: 2016-01-17T21:35:45.766972700Z
4379b84.9c60: LastWriteTime: 2015-12-30T18:57:55.761000000Z
4389b84.9c60: ChangeTime: 2016-01-17T23:16:48.636039600Z
4399b84.9c60: FileAttributes: 0x20
4409b84.9c60: Size: 0x67a00
4419b84.9c60: NT Headers: 0xe8
4429b84.9c60: Timestamp: 0x568429dd
4439b84.9c60: Machine: 0x8664 - amd64
4449b84.9c60: Timestamp: 0x568429dd
4459b84.9c60: Image Version: 6.1
4469b84.9c60: SizeOfImage: 0x6c000 (442368)
4479b84.9c60: Resource Dir: 0x6a000 LB 0x530
4489b84.9c60: ProductName: Microsoft® Windows® Operating System
4499b84.9c60: ProductVersion: 6.1.7601.19110
4509b84.9c60: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
4519b84.9c60: FileDescription: Windows NT BASE API Client DLL
4529b84.9c60: \SystemRoot\System32\apisetschema.dll:
4539b84.9c60: CreationTime: 2016-01-17T21:35:45.077966800Z
4549b84.9c60: LastWriteTime: 2015-12-30T18:54:58.839000000Z
4559b84.9c60: ChangeTime: 2016-01-17T23:16:48.386439200Z
4569b84.9c60: FileAttributes: 0x20
4579b84.9c60: Size: 0x1a00
4589b84.9c60: NT Headers: 0xc0
4599b84.9c60: Timestamp: 0x568428c9
4609b84.9c60: Machine: 0x8664 - amd64
4619b84.9c60: Timestamp: 0x568428c9
4629b84.9c60: Image Version: 6.1
4639b84.9c60: SizeOfImage: 0x50000 (327680)
4649b84.9c60: Resource Dir: 0x30000 LB 0x3f8
4659b84.9c60: ProductName: Microsoft® Windows® Operating System
4669b84.9c60: ProductVersion: 6.1.7601.19110
4679b84.9c60: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
4689b84.9c60: FileDescription: ApiSet Schema DLL
4699b84.9c60: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4709b84.9c60: supR3HardenedWinFindAdversaries: 0x400
4719b84.9c60: \SystemRoot\System32\drivers\MpFilter.sys:
4729b84.9c60: CreationTime: 2015-03-04T19:34:52.000000000Z
4739b84.9c60: LastWriteTime: 2015-03-04T19:34:52.000000000Z
4749b84.9c60: ChangeTime: 2015-07-25T15:39:46.208932100Z
4759b84.9c60: FileAttributes: 0x20
4769b84.9c60: Size: 0x44738
4779b84.9c60: NT Headers: 0xf0
4789b84.9c60: Timestamp: 0x54efb880
4799b84.9c60: Machine: 0x8664 - amd64
4809b84.9c60: Timestamp: 0x54efb880
4819b84.9c60: Image Version: 6.3
4829b84.9c60: SizeOfImage: 0x44000 (278528)
4839b84.9c60: Resource Dir: 0x42000 LB 0xd50
4849b84.9c60: ProductName: Microsoft Malware Protection
4859b84.9c60: ProductVersion: 4.8.0200.0
4869b84.9c60: FileVersion: 4.8.0200.0
4879b84.9c60: FileDescription: Microsoft antimalware file system filter driver
4889b84.9c60: \SystemRoot\System32\drivers\NisDrvWFP.sys:
4899b84.9c60: CreationTime: 2011-04-27T15:25:24.000000000Z
4909b84.9c60: LastWriteTime: 2015-03-04T19:34:52.000000000Z
4919b84.9c60: ChangeTime: 2015-07-25T15:39:46.078931900Z
4929b84.9c60: FileAttributes: 0x20
4939b84.9c60: Size: 0x1e698
4949b84.9c60: NT Headers: 0xf0
4959b84.9c60: Timestamp: 0x54efb8af
4969b84.9c60: Machine: 0x8664 - amd64
4979b84.9c60: Timestamp: 0x54efb8af
4989b84.9c60: Image Version: 6.3
4999b84.9c60: SizeOfImage: 0x1f000 (126976)
5009b84.9c60: Resource Dir: 0x1c000 LB 0x1b90
5019b84.9c60: ProductName: Microsoft Malware Protection
5029b84.9c60: ProductVersion: 4.8.0200.0
5039b84.9c60: FileVersion: 4.8.0200.0
5049b84.9c60: FileDescription: Microsoft Network Realtime Inspection Driver
5059b84.9c60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5069b84.9c60: Calling main()
5079b84.9c60: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5089b84.9c60: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5099b84.9c60: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5109b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5119b84.9c60: SUPR3HardenedMain: Final process, opening VBoxDrv...
5129b84.9c60: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000280000 LB 0x400000)
5139b84.9c60: supR3HardNtEnableThreadCreation:
5149b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
5159b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
5169b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000765340:C:\windows\system32 [calling]
5179b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5189b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefb5e0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
5199b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5209b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5219b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
5229b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5239b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5249b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
5259b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5269b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5279b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5289b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
5299b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5309b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
5319b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
5329b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
5339b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5349b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5359b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
5369b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
5379b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5389b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5399b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
5409b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
5419b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5429b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5439b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5449b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5459b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
5469b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
5479b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5489b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5499b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
5509b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
5519b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5529b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5539b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5549b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5559b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5569b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5579b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000765340:C:\windows\system32 [calling]
5589b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5599b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd920000 LB 0x0003b000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
5609b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5619b84.9c60: supR3HardenedDllNotificationCallback: load 000007feffca0000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
5629b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5639b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefda50000 LB 0x0016d000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
5649b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5659b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd810000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
5669b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5679b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe360000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
5689b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5699b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd920000 'C:\windows\system32\Wintrust.dll'
5709b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
5719b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
5729b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007aad60:C:\windows\system32 [calling]
5739b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5749b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd190000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
5759b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5769b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\windows\system32\bcrypt.dll'
5779b84.9c60: bcrypt.dll loaded at 000007fefd190000, BCryptOpenAlgorithmProvider at 000007fefd192640, preloading providers:
5789b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
5799b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
5809b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
5819b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
5829b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5839b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5849b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5859b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
5869b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
5879b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5889b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
5899b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
5909b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
5919b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5929b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5939b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5949b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5959b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5969b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5979b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
5989b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5999b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
6009b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6019b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe500000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
6029b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6039b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6049b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6059b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
6069b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
6079b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe5e0000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
6089b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6099b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc30000 'C:\windows\system32\bcryptprimitives.dll'
6109b84.9c60: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000007ac440)
6119b84.9c60: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000007adb30)
6129b84.9c60: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000007af4e0)
6139b84.9c60: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000007af600)
6149b84.9c60: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000007af720)
6159b84.9c60: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000007af840)
6169b84.9c60: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000007afa80)
6179b84.9c60: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000007afba0)
6189b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
6199b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
6209b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6219b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6229b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6239b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6249b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6259b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6269b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6279b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6289b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x00018000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0]
6299b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6309b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\windows\system32\CRYPTSP.dll'
6319b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6329b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
6339b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
6349b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6359b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6369b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6379b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6389b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6399b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefcd40000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
6409b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6419b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd40000 'C:\windows\system32\rsaenh.dll'
6429b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6439b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6449b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\windows\system32\ADVAPI32.dll'
6459b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
6469b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
6479b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6489b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6499b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0]
6509b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6519b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6a0000 'C:\windows\system32\CRYPTBASE.dll'
6529b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6539b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6549b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077940000 'C:\windows\system32\kernel32.dll'
6559b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6569b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6579b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd920000 'C:\windows\system32\WINTRUST.DLL'
6589b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6599b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6609b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\windows\system32\CRYPT32.dll'
6619b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6629b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
6639b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
6649b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
6659b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6679b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6689b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6699b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6709b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6719b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6729b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
6739b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe230000 LB 0x00019000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
6749b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
6759b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe230000 'C:\windows\system32\imagehlp.dll'
6769b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6779b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
6789b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\windows\system32\CRYPTSP.dll'
6799b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6809b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
6819b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
6829b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6839b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6849b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6859b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
6869b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
6879b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
6889b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
6899b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
6909b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
6919b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
6929b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
6939b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
6949b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
6959b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6969b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6979b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6989b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
6999b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
7009b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7019b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
7029b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
7039b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
7049b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
7059b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7069b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7079b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7089b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7099b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7109b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7119b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7129b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7139b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7149b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7159b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7169b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7179b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7189b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7199b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7209b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
7219b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7229b84.9c60: supR3HardenedDllNotificationCallback: load 0000000077840000 LB 0x000fa000 C:\windows\system32\USER32.dll [fFlags=0x0]
7239b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7249b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe490000 LB 0x00067000 C:\windows\system32\GDI32.dll [fFlags=0x0]
7259b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7269b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe170000 LB 0x0000e000 C:\windows\system32\LPK.dll [fFlags=0x0]
7279b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
7289b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe680000 LB 0x000ca000 C:\windows\system32\USP10.dll [fFlags=0x0]
7299b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
7309b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7319b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
7329b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe490000 'C:\windows\system32\gdi32.dll'
7339b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
7349b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
7359b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
7369b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
7379b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
7389b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
7399b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
7409b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7419b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
7429b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
7439b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
7449b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
7459b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
7469b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7479b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7489b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7499b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7509b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7519b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7529b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
7539b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
7549b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7559b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7569b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7579b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7589b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7599b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7609b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7619b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7629b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7639b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7649b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
7659b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7669b84.9c60: supR3HardenedDllNotificationCallback: load 000007feffd40000 LB 0x0002e000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
7679b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7689b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe250000 LB 0x00109000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
7699b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
7709b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffd40000 'C:\windows\system32\IMM32.DLL'
7719b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077840000 'C:\windows\system32\USER32.dll'
7729b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
7739b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
7749b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
7759b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
7769b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
7779b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7789b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7799b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7809b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7819b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7829b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7839b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7849b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7859b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7869b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
7879b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7889b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd1c0000 LB 0x00050000 C:\windows\system32\ncrypt.dll [fFlags=0x0]
7899b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7909b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1c0000 'C:\windows\system32\ncrypt.dll'
7919b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7929b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
7939b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\windows\system32\bcrypt.dll'
7949b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7959b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
7969b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
7979b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
7989b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
7999b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8009b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8019b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8029b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
8039b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
8049b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8059b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8069b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8079b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8089b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8099b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8109b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8119b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8129b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8139b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8149b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8159b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefda30000 LB 0x0001e000 C:\windows\system32\USERENV.dll [fFlags=0x0]
8169b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8179b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd800000 LB 0x0000f000 C:\windows\system32\profapi.dll [fFlags=0x0]
8189b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8199b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda30000 'C:\windows\system32\USERENV.dll'
8209b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8219b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8229b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8239b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8249b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8259b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
8269b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
8279b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
8289b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8299b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8309b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8319b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8329b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8339b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8349b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8359b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8369b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefc530000 LB 0x0001b000 C:\windows\system32\GPAPI.dll [fFlags=0x0]
8379b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8389b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc530000 'C:\windows\system32\GPAPI.dll'
8399b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8409b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
8419b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8429b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8439b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe360000 'C:\windows\system32\rpcrt4.dll'
8449b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8459b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
8469b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8479b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8489b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8499b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
8509b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8519b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
8529b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
8539b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
8549b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
8559b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
8569b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8579b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
8589b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
8599b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8609b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8619b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8629b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8639b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8649b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8659b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8679b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8689b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8699b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8709b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8719b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8729b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8739b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef6ea0000 LB 0x00027000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
8749b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8759b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefdc90000 LB 0x00052000 C:\windows\system32\WLDAP32.dll [fFlags=0x0]
8769b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
8779b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8789b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8799b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
8809b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8819b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8829b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
8839b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8849b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8859b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
8869b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8879b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8889b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
8899b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8909b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8919b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
8929b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8939b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
8949b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
8959b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8969b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
8979b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8989b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
8999b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9009b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
9019b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9029b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
9039b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9049b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
9059b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
9069b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9079b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
9089b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9099b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9109b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9119b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9129b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd800000 'C:\windows\system32\profapi.dll'
9139b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9149b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9159b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9169b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
9179b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
9189b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9199b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9209b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9219b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9229b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9239b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9249b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9259b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9269b84.9c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9279b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9289b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
9299b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefdbc0000 LB 0x00071000 C:\windows\system32\SHLWAPI.dll [fFlags=0x0]
9309b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
9319b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdbc0000 'C:\windows\system32\SHLWAPI.dll'
9329b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9339b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000852a50
9349b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
9359b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=99113493CCEA6CE03AD58304FCE46D35B665BC85
9369b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9379b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9389b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9399b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
9409b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9419b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
9429b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9439b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9449b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\windows\system32\ADVAPI32.dll'
9459b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9469b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9479b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
9489b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9499b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
9509b84.9c60: g_pfnWinVerifyTrust=000007fefd921010
9519b84.9c60: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9529b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
9539b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
9549b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
9559b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
9569b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9579b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9589b84.9c60: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9599b84.9c60: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9609b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
9619b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
9629b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
9639b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
9649b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
9659b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9669b84.9c60: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
9679b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
9689b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
9699b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
9709b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
9719b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
9729b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9739b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
9749b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
9759b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
9769b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
9779b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
9789b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9799b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9809b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9819b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9829b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
9839b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
9849b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
9859b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9869b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9879b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9889b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
9899b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
9909b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
9919b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
9929b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9939b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9949b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9959b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
9969b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
9979b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
9989b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
9999b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10009b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10019b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10029b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
10039b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10049b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10059b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
10069b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
10079b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10089b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
10099b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
10109b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10119b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10129b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF6214D5B4EE4D004FA11B4426B0E781D4E918A9
10139b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
10149b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10159b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
10169b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
10179b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10189b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10199b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
10209b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
10219b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10229b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
10239b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
10249b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10259b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10269b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
10279b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
10289b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10299b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
10309b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
10319b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10329b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10339b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
10349b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
10359b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10369b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
10379b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
10389b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10399b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10409b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
10419b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
10429b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10439b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
10449b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
10459b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10469b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10479b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
10489b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
10499b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10509b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
10519b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
10529b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10539b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10549b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
10559b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
10569b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10579b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
10589b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
10599b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10609b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10619b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
10629b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
10639b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10649b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
10659b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
10669b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10679b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10689b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C369CA0A282E9201E8C3399DEF1010F6DC0676FA
10699b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10709b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10719b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10729b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
10739b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
10749b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10759b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10769b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
10779b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10789b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10799b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10809b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
10819b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10829b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10839b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
10849b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10859b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10869b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10879b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
10889b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10899b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10909b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6964F437558F504725B2BE66A35240231044644F
10919b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3121918~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10929b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10939b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10949b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
10959b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
10969b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
10979b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
10989b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
10999b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11009b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11019b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11029b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11039b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
11049b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
11059b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
11069b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11079b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11089b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11099b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
11109b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
11119b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
11129b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
11139b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11149b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11159b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11169b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11179b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
11189b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
11199b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA2C80E31A4EEBFA49ACC284D4C1B701145978CB
11209b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11219b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11229b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11239b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11249b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
11259b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
11269b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
11279b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=345936918DE59E26BE1BF613500ED5E48C26873F
11289b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11299b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11309b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11319b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
11329b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
11339b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
11349b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C5B3709F99BA1F5F78D42BD62B72E557388B5AE0
11359b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
11369b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11379b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
11389b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
11399b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ee9800:C:\windows\system32 [calling]
11409b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\windows\system32\crypt32.dll'
11419b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11429b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11439b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11449b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11459b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11469b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11479b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11489b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11499b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
11509b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x8fe279bdb46fee00 C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority
11519b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11529b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11539b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
11549b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11559b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
11569b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11579b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11589b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11599b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11609b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11619b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11629b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11639b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11649b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11659b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11669b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
11679b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11689b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11699b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11709b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11719b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
11729b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
11739b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11749b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11759b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
11769b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
11779b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
11789b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11799b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11809b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
11819b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11829b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11839b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
11849b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
11859b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
11869b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11879b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
11889b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
11899b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11909b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
11919b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
11929b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
11939b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
11949b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11959b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11969b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
11979b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
11989b84.9c60: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11999b84.9c60: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=58
12009b84.9c60: SUPR3HardenedMain: Load Runtime...
12019b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12029b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12039b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12049b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12059b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12069b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12079b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12089b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12099b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12109b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12119b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12129b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12139b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
12149b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
12159b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
12169b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
12179b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12189b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12199b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
12209b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
12219b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
12229b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12239b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12249b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12259b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12269b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12279b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12289b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12299b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12309b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12319b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12329b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12339b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12349b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12359b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
12369b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
12379b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
12389b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
12399b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
12409b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
12419b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
12429b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12439b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
12449b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
12459b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12469b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12479b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12489b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12499b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12509b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12519b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
12529b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12539b84.9c60: supR3HardenedDllNotificationCallback: load 000007fed6290000 LB 0x00563000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12549b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12559b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12569b84.9c60: supR3HardenedDllNotificationCallback: load 00000000791b0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12579b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12589b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12599b84.9c60: supR3HardenedDllNotificationCallback: load 0000000078ac0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
12609b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12619b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefdc40000 LB 0x0004d000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
12629b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12639b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe180000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
12649b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
12659b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12669b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
12679b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12689b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12699b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
12709b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12719b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12729b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
12739b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12749b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12759b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
12769b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12779b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12789b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
12799b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12809b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12819b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
12829b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12839b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12849b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12859b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12869b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12879b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12889b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12899b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12909b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12919b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
12929b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12939b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12949b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12959b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12969b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12979b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12989b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12999b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13009b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13019b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13029b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13039b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13049b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13059b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13069b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13079b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13089b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13099b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000766030:C:\Program Files\Oracle\VirtualBox;C:\windows\system32;C:\windows\system;C:\windows;.;C:\Program Files (x86)\Google\Chrome\Application;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\windows\SYSTEM32;C:\windows;C:\windows\SYSTEM32\WBEM;C:\windows\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\INTEL\SERVICES\IPT\;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SMART PROJECTS\ISOBUSTER;C:\PROGRAM FILES\MICROSOFT WINDOWS PERFORMANCE TOOLKIT\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES (X86)\GIT\CMD;C:\PROGRAM FILES (X86)\COMMON FILES\ACRONIS\SNAPAPI\;C:\PROGRAM FILES\CRUCIAL\STORAGE EXECUTIVE;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ [calling]
13109b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13119b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13129b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13139b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13149b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
13159b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef65b0:C:\windows\system32 [calling]
13169b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd920000 'C:\windows\system32\Wintrust.dll'
13179b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
13189b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef65b0:C:\windows\system32 [calling]
13199b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\windows\system32\crypt32.dll'
13209b84.9c60: SUPR3HardenedMain: Load TrustedMain...
13219b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13229b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13239b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13249b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13259b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
13269b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
13279b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
13289b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
13299b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
13309b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
13319b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
13329b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
13339b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
13349b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
13359b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
13369b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
13379b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
13389b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13399b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13409b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
13419b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
13429b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
13439b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
13449b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
13459b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13469b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13479b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13489b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
13499b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
13509b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13519b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13529b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
13539b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
13549b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
13559b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
13569b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
13579b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13589b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13599b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
13609b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13619b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
13629b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
13639b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
13649b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
13659b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
13669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13679b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13689b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13699b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
13709b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
13719b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
13729b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
13739b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13749b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13759b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13769b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
13779b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
13789b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
13799b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
13809b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13819b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13829b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13839b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
13849b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
13859b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
13869b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
13879b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
13889b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13899b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13909b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
13919b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
13929b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
13939b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
13949b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
13959b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13969b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13979b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
13989b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
13999b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
14009b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
14019b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
14029b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14039b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14049b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
14059b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14069b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
14079b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
14089b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
14099b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14109b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14119b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14129b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14139b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14149b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
14159b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14169b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14179b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
14189b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
14199b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
14209b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14219b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14229b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
14239b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
14249b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
14259b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
14269b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14279b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
14289b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
14299b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14309b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
14319b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
14329b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
14339b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
14349b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14359b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
14369b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14379b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
14389b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
14399b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
14409b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
14419b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
14429b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
14439b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14449b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
14459b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
14469b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14479b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
14489b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14499b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
14509b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14519b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14529b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
14539b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14549b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14559b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14569b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14579b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14589b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14599b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14609b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14619b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14629b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14639b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14649b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
14659b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
14669b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
14679b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
14689b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14699b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14709b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14719b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14729b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
14739b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
14749b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
14759b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14769b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
14779b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14789b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14799b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14809b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
14819b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
14829b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
14839b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
14849b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
14859b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
14869b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
14879b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14889b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14899b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14909b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
14919b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14929b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
14939b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
14949b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
14959b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
14969b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14979b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14989b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
14999b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
15009b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
15019b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
15029b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
15039b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15049b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15059b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15069b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15079b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
15089b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
15099b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15109b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15119b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15129b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15139b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15149b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15159b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15169b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15179b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15189b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15199b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15209b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15219b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15229b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15239b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15249b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15259b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15269b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15279b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15289b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15299b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15309b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15319b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15329b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15339b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15349b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15359b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15369b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15379b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15389b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15399b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
15409b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
15419b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
15429b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15439b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15449b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15459b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15469b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15479b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15489b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15499b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15509b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15519b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15529b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
15539b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
15549b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
15559b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
15569b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
15579b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
15589b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
15599b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15609b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15619b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15629b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15639b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
15649b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
15659b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15679b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
15689b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
15699b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
15709b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
15719b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15729b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15739b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
15749b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15759b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15769b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15779b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15789b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15799b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15809b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15819b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15829b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
15839b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
15849b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
15859b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
15869b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
15879b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
15889b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15899b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15909b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15919b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15929b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15939b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15949b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15959b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15969b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15979b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15989b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15999b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16009b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16019b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16029b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16039b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16049b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16059b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16069b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16079b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16089b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16099b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16109b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16119b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16129b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16139b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16149b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16159b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16169b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16179b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16189b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16199b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16209b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16219b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16229b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16239b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16249b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16259b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16269b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16279b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
16289b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
16299b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
16309b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
16319b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
16329b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
16339b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
16349b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16359b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16369b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16379b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16389b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
16399b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
16409b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16419b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16429b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16439b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16449b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16459b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16469b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16479b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16489b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16499b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16509b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16519b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16529b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16539b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16549b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16559b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16569b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16579b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16589b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16599b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16609b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16619b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16629b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16639b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16649b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16659b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16679b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16689b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16699b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16709b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16719b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16729b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16739b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
16749b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
16759b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16769b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
16779b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
16789b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
16799b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
16809b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16819b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16829b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16839b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16849b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
16859b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16869b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
16879b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
16889b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
16899b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
16909b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
16919b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
16929b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
16939b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16949b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
16959b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
16969b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
16979b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
16989b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
16999b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17009b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
17019b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
17029b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17039b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17049b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17059b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
17069b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
17079b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
17089b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
17099b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
17109b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
17119b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
17129b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17139b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17149b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
17159b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17169b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
17179b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17189b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17199b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17209b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17219b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17229b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17239b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17249b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17259b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17269b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17279b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17289b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
17299b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
17309b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
17319b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
17329b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
17339b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
17349b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
17359b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17369b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17379b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
17389b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
17399b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
17409b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17419b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17429b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17439b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17449b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17459b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17469b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17479b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17489b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17499b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17509b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17519b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
17529b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
17539b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17549b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
17559b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
17569b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
17579b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
17589b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17599b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17609b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
17619b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17629b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
17639b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17649b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17659b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17679b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17689b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17699b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17709b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17719b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17729b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17739b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17749b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17759b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17769b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
17779b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
17789b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17799b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17809b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17819b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
17829b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17839b84.9c60: supR3HardenedDllNotificationCallback: load 000007fed4f70000 LB 0x00abe000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
17849b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17859b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17869b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef37e0000 LB 0x0011d000 C:\windows\system32\OPENGL32.dll [fFlags=0x0]
17879b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17889b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
17899b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefaf60000 LB 0x0002d000 C:\windows\system32\GLU32.dll [fFlags=0x0]
17909b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
17919b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17929b84.9c60: supR3HardenedDllNotificationCallback: load 000007fedaad0000 LB 0x000f1000 C:\windows\system32\DDRAW.dll [fFlags=0x0]
17939b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17949b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17959b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefb3c0000 LB 0x00008000 C:\windows\system32\DCIMAN32.dll [fFlags=0x0]
17969b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17979b84.9c60: supR3HardenedDllNotificationCallback: load 000007feff7f0000 LB 0x001d7000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
17989b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17999b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd9f0000 LB 0x00036000 C:\windows\system32\CFGMGR32.dll [fFlags=0x0]
18009b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18019b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe090000 LB 0x000d7000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
18029b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18039b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefde80000 LB 0x00203000 C:\windows\system32\ole32.dll [fFlags=0x0]
18049b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18059b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd820000 LB 0x0001a000 C:\windows\system32\DEVOBJ.dll [fFlags=0x0]
18069b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
18079b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18089b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefa510000 LB 0x00018000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
18099b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18109b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18119b84.9c60: supR3HardenedDllNotificationCallback: load 0000000066eb0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
18129b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18139b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18149b84.9c60: supR3HardenedDllNotificationCallback: load 0000000064fa0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
18159b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18169b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe190000 LB 0x00097000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
18179b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
18189b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18199b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18209b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18219b84.9c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
18229b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
18239b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef7320000 LB 0x000a0000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
18249b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
18259b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefe9c0000 LB 0x00d89000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
18269b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18279b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18289b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefa660000 LB 0x0003b000 C:\windows\system32\WINMM.dll [fFlags=0x0]
18299b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18309b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18319b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef8110000 LB 0x00071000 C:\windows\system32\WINSPOOL.DRV [fFlags=0x0]
18329b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18339b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
18349b84.9c60: supR3HardenedDllNotificationCallback: load 0000000062e60000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
18359b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
18369b84.9c60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
18379b84.9c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
18389b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18399b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18409b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18419b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18429b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18439b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18449b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18459b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080e0f0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18469b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffd40000 'C:\windows\system32\imm32.dll'
18479b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed4f70000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
18489b84.9c60: SUPR3HardenedMain: Calling TrustedMain (000007fed4f710d0)...
18499b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18509b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18519b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
18529b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18539b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
18549b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
18559b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
18569b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
18579b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18589b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18599b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
18609b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
18619b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
18629b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18639b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18649b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18659b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18679b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18689b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18699b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef3830:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18709b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18719b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefa7a0000 LB 0x00056000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
18729b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18739b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\windows\system32\uxtheme.dll'
18749b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18759b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef3830:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18769b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\windows\system32\uxtheme.dll'
18779b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18789b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef4750:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18799b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\windows\system32\uxtheme.dll'
18809b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18819b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef4750:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18829b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\windows\system32\uxtheme.dll'
18839b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18849b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18859b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa510000 'C:\windows\system32\dwmapi.dll'
18869b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
18879b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18889b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6a0000 'C:\windows\system32\CRYPTBASE.dll'
18899b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18909b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18919b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32\shell32.dll'
18929b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18939b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18949b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077940000 'C:\windows\system32\kernel32.dll'
18959b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18969b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
18979b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\windows\system32\uxtheme.dll'
18989b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18999b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
19009b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\windows\system32\uxtheme.dll'
19019b84.9c60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
19029b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
19039b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
19049b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077840000 'C:\windows\system32\user32.dll'
19059b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19069b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
19079b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\windows\system32\uxtheme.dll'
19089b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077840000 'C:\windows\system32\user32.dll'
19099b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\windows\system32\advapi32.dll'
19109b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19119b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
19129b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda30000 'C:\windows\system32\userenv.dll'
19139b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19149b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
19159b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077940000 'C:\windows\system32\kernel32.dll'
19169b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f8 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19179b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
19189b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
19199b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
19209b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
19219b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19229b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19239b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
19249b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19259b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
19269b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19279b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
19289b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
19299b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19309b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19319b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19329b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19339b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19349b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19359b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19369b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19379b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19389b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19399b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19409b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19419b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19429b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19439b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19449b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
19459b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
19469b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19479b84.9c60: supR3HardenedDllNotificationCallback: load 000007feff750000 LB 0x00099000 C:\windows\system32\CLBCatQ.DLL [fFlags=0x0]
19489b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19499b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff750000 'C:\windows\system32\CLBCatQ.DLL'
19509b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\windows\system32\ADVAPI32.dll'
19519b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
19529b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080e330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
19539b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\windows\system32\CRYPTSP.dll'
19549b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
19559b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
19569b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
19579b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
19589b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
19599b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19609b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
19619b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
19629b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
19639b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19649b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19659b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080e330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
19669b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
19679b84.9c60: supR3HardenedDllNotificationCallback: load 000007fefd750000 LB 0x00014000 C:\windows\system32\RpcRtRemote.dll [fFlags=0x0]
19689b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
19699b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd750000 'C:\windows\system32\RpcRtRemote.dll'
19709b84.8060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19719b84.8060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
19729b84.8060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
19739b84.8060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
19749b84.8060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
19759b84.8060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
19769b84.8060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
19779b84.8060: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
19789b84.8060: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
19799b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19809b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19819b84.8060: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19829b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19839b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19849b84.8060: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19859b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19869b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19879b84.8060: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19889b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19899b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19909b84.8060: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19919b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19929b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19939b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19949b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19959b84.8060: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
19969b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19979b84.8060: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19989b84.8060: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19999b84.8060: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000849450:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20009b84.8060: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20019b84.8060: supR3HardenedDllNotificationCallback: load 000007fed4990000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
20029b84.8060: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20039b84.8060: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed4990000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
20049b84.8060: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20059b84.8060: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef48b0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20069b84.8060: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\Windows\system32\oleaut32.dll'
20079b84.8060: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000674 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
20089b84.8060: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
20099b84.8060: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
20109b84.8060: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
20119b84.8060: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
20129b84.8060: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20139b84.8060: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
20149b84.8060: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
20159b84.8060: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080e8d0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20169b84.8060: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
20179b84.8060: supR3HardenedDllNotificationCallback: load 000007fefd6b0000 LB 0x00091000 C:\windows\system32\SXS.DLL [fFlags=0x0]
20189b84.8060: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
20199b84.8060: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6b0000 'C:\windows\system32\SXS.DLL'
20209b84.8060: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\windows\system32\ADVAPI32.dll'
20219b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20229b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080eb10:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20239b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\windows\system32\OLEAUT32.dll'
20249b84.9c60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
20259b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080eb10:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20269b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
20279b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe490000 'C:\windows\system32\gdi32.dll'
20289b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077840000 'C:\windows\system32\user32.dll'
20299b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20309b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080ea80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20319b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32\shell32.dll'
20329b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\windows\system32\ADVAPI32.dll'
20339b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20349b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080ea80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20359b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde80000 'C:\windows\system32\ole32.dll'
20369b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20379b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cbe0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20389b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde80000 'C:\windows\system32\ole32.dll'
20399b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20409b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cbe0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20419b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\windows\system32\OLEAUT32.dll'
20429b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a74 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20439b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
20449b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
20459b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
20469b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
20479b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20489b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20499b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
20509b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20519b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20529b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
20539b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
20549b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20559b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20569b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20579b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20589b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20599b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20609b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20619b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20629b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20639b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20649b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20659b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20679b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a84 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20689b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
20699b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
20709b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
20719b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
20729b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20739b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20749b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
20759b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
20769b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20779b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
20789b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
20799b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20809b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20819b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20829b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20839b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20849b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20859b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20869b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20879b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20889b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20899b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20909b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20919b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20929b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20939b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20949b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000854560:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
20959b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20969b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef79f0000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
20979b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20989b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20999b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef7b60000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [fFlags=0x0]
21009b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21019b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef79f0000 'C:\windows\system32\wbem\wbemprox.dll'
21029b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aac pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21039b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
21049b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
21059b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
21069b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
21079b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21089b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21099b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
21109b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
21119b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21129b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21139b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21149b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21159b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21169b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000854560:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
21179b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21189b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef7660000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
21199b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21209b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7660000 'C:\windows\system32\wbem\wbemsvc.dll'
21219b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21229b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
21239b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
21249b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
21259b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
21269b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21279b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21289b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
21299b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
21309b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
21319b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
21329b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
21339b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21349b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21359b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
21369b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
21379b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa0 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
21389b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
21399b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
21409b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
21419b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
21429b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21439b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21449b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
21459b84.9c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
21469b84.9c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
21479b84.9c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
21489b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21499b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21509b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21519b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21529b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21539b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21549b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21559b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21569b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21579b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21589b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21599b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21609b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21619b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21629b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21639b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21649b84.9c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
21659b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21669b84.9c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21679b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000854560:C:\windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
21689b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21699b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef7a30000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
21709b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21719b84.9c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
21729b84.9c60: supR3HardenedDllNotificationCallback: load 000007fef7a00000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [fFlags=0x0]
21739b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
21749b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7a30000 'C:\windows\system32\wbem\fastprox.dll'
21759b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\windows\system32\OLEAUT32.dll'
21769b84.8d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21779b84.8d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21789b84.8d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21799b84.8d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21809b84.8d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21819b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21829b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21839b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21849b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21859b84.8d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21869b84.8d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21879b84.8d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21889b84.8d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21899b84.8d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21909b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21919b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21929b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21939b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21949b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21959b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21969b84.8d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21979b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21989b84.8d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21999b84.8d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
22009b84.8d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22019b84.8d18: supR3HardenedDllNotificationCallback: load 000007fed4450000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
22029b84.8d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22039b84.8d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22049b84.8d18: supR3HardenedDllNotificationCallback: load 000000005d500000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
22059b84.8d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22069b84.8d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed4450000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22079b84.a74c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22089b84.a74c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22099b84.a74c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22109b84.a74c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22119b84.a74c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
22129b84.a74c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22139b84.a74c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22149b84.a74c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22159b84.a74c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22169b84.a74c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22179b84.a74c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22189b84.a74c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22199b84.a74c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22209b84.a74c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22219b84.a74c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22229b84.a74c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
22239b84.a74c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22249b84.a74c: supR3HardenedDllNotificationCallback: load 000007fefb830000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
22259b84.a74c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22269b84.a74c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
22279b84.a634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22289b84.a634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22299b84.a634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22309b84.a634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
22319b84.a634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22329b84.a634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22339b84.a634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22349b84.a634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22359b84.a634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22369b84.a634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22379b84.a634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22389b84.a634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22399b84.a634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
22409b84.a634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22419b84.a634: supR3HardenedDllNotificationCallback: load 000007fefb950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
22429b84.a634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22439b84.a634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb950000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
22449b84.a67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22459b84.a67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22469b84.a67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22479b84.a67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
22489b84.a67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22499b84.a67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22509b84.a67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22519b84.a67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22529b84.a67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22539b84.a67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22549b84.a67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22559b84.a67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22569b84.a67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
22579b84.a67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22589b84.a67c: supR3HardenedDllNotificationCallback: load 000007fefb750000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
22599b84.a67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22609b84.a67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
22619b84.46a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22629b84.46a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22639b84.46a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22649b84.46a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
22659b84.46a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22669b84.46a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22679b84.46a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22689b84.46a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22699b84.46a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22709b84.46a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22719b84.46a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22729b84.46a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
22739b84.46a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22749b84.46a0: supR3HardenedDllNotificationCallback: load 000007fefb510000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
22759b84.46a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22769b84.46a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb510000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
22779b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22789b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
22799b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22809b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32/Shell32.dll'
22819b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde80000 'C:\windows\system32\ole32.dll'
22829b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
22839b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
22849b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
22859b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
22869b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd800000 'C:\windows\system32\profapi.dll'
22879b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22889b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22899b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22909b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
22919b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
22929b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
22939b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
22949b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
22959b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
22969b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
22979b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
22989b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
22999b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23009b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23019b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cac pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23029b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
23039b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
23049b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
23059b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
23069b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23079b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23089b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
23099b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
23109b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
23119b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23129b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23139b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23149b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23159b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23169b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23179b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23189b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23199b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23209b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23219b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23229b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23239b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
23249b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
23259b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23269b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23279b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23289b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
23299b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23309b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
23319b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
23329b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23339b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23349b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23359b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
23369b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
23379b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23389b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
23399b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23409b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23419b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23429b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23439b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23449b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23459b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23469b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23479b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23489b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23499b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
23509b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
23519b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ccc pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
23529b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
23539b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
23549b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
23559b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
23569b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23579b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23589b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23599b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23609b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
23619b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
23629b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
23639b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
23649b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
23659b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
23669b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23679b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23689b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23699b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23709b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23719b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23729b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23739b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23749b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23759b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23769b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23779b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23789b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23799b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23809b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23819b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23829b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
23839b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23849b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23859b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
23869b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
23879b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
23889b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
23899b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
23909b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
23919b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
23929b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23939b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23949b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
23959b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
23969b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
23979b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
23989b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23999b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24009b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
24019b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24029b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24039b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24049b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24059b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
24069b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24079b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24089b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24099b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24109b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24119b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24129b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24139b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
24149b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
24159b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
24169b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
24179b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
24189b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24199b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24209b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24219b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24229b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24239b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24249b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24259b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24269b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
24279b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24289b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fed1ee0000 LB 0x008e7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
24299b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24309b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24319b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fee3880000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
24329b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24339b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
24349b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fef3780000 LB 0x00051000 C:\windows\system32\newdev.dll [fFlags=0x0]
24359b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
24369b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24379b84.a4e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
24389b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
24399b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefc550000 LB 0x00012000 C:\windows\system32\devrtl.DLL [fFlags=0x0]
24409b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
24419b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24429b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefb3d0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
24439b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24449b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24459b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fef9b80000 LB 0x00027000 C:\windows\system32\IPHLPAPI.DLL [fFlags=0x0]
24469b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24479b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
24489b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fef9b70000 LB 0x0000b000 C:\windows\system32\WINNSI.DLL [fFlags=0x0]
24499b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
24509b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed1ee0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
24519b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd8 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
24529b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
24539b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
24549b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
24559b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
24569b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24579b84.a4e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
24589b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24599b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24609b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24619b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
24629b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24639b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed4990000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
24649b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24659b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
24669b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24679b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3d0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
24689b84.9b34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24699b84.9b34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24709b84.9b34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24719b84.9b34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
24729b84.9b34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24739b84.9b34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24749b84.9b34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24759b84.9b34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24769b84.9b34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24779b84.9b34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24789b84.9b34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24799b84.9b34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24809b84.9b34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
24819b84.9b34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24829b84.9b34: supR3HardenedDllNotificationCallback: load 000007fefb500000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
24839b84.9b34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24849b84.9b34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb500000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
24859b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24869b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
24879b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24889b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9b80000 'C:\windows\system32/Iphlpapi.dll'
24899b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ddc pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
24909b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
24919b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
24929b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
24939b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
24949b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24959b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24969b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24979b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
24989b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
24999b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
25009b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
25019b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25029b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25039b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25049b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25059b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25069b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25079b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25089b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25099b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25109b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25119b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325da80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
25129b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
25139b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fef9960000 LB 0x00018000 C:\windows\system32\dhcpcsvc.DLL [fFlags=0x0]
25149b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
25159b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9960000 'C:\windows\system32\dhcpcsvc.DLL'
25169b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25179b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325da80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
25189b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9b80000 'C:\windows\system32\IPHLPAPI.DLL'
25199b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de0 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25209b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
25219b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
25229b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
25239b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
25249b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25259b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25269b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25279b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
25289b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
25299b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25309b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25319b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25329b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25339b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25349b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25359b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25369b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325da80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
25379b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25389b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fef9980000 LB 0x00011000 C:\windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
25399b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25409b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9980000 'C:\windows\system32\dhcpcsvc6.DLL'
25419b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25429b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325da80:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
25439b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9b80000 'C:\windows\system32\IPHLPAPI.DLL'
25449b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e60 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
25459b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
25469b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
25479b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
25489b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
25499b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25509b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25519b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
25529b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25539b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25549b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
25559b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
25569b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
25579b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
25589b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
25599b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
25609b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e64 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
25619b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
25629b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
25639b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
25649b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
25659b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25669b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25679b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
25689b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
25699b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
25709b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
25719b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25729b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25739b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25749b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25759b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25769b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25779b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25789b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25799b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25809b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25819b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25829b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25839b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25849b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25859b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25869b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25879b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25889b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25899b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325dba0:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
25909b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
25919b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fef3af0000 LB 0x00088000 C:\windows\system32\dsound.dll [fFlags=0x0]
25929b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
25939b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
25949b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefbc00000 LB 0x0002c000 C:\windows\system32\POWRPROF.dll [fFlags=0x0]
25959b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
25969b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
25979b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d180:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
25989b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3af0000 'C:\windows\system32\dsound.dll'
25999b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3af0000 'C:\windows\system32/dsound.dll'
26009b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e88 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26019b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
26029b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
26039b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
26049b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
26059b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26069b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26079b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
26089b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
26099b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
26109b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
26119b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26129b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
26139b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
26149b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e6c pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
26159b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
26169b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
26179b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
26189b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
26199b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26209b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26219b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
26229b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
26239b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
26249b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
26259b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
26269b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
26279b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26289b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26299b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26309b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26319b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26329b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26339b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26349b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26359b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26369b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26379b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26389b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26399b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26409b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26419b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26429b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26439b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef4d80:C:\windows\System32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26449b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26459b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefbbb0000 LB 0x0004b000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
26469b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26479b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26489b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefba80000 LB 0x0012c000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
26499b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26509b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\windows\system32\ADVAPI32.dll'
26519b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbbb0000 'C:\windows\System32\MMDevApi.dll'
26529b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
26539b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26549b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde80000 'C:\windows\system32\ole32.dll'
26559b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
26569b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26579b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7f0000 'C:\windows\system32\SETUPAPI.dll'
26589b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
26599b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26609b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdbc0000 'C:\windows\system32\SHLWAPI.dll'
26619b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26629b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26639b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbbb0000 'C:\windows\system32\MMDEVAPI.DLL'
26649b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde80000 'C:\windows\system32\ole32.dll'
26659b84.93f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
26669b84.93f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26679b84.93f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'C:\windows\system32\CFGMGR32.dll'
26689b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26699b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26709b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
26719b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26729b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
26739b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26749b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
26759b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe360000 'C:\windows\system32\RPCRT4.dll'
26769b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26779b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
26789b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbbb0000 'C:\windows\system32\MMDevAPI.DLL'
26799b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec0 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26809b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
26819b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
26829b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
26839b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
26849b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26859b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26869b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26879b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26889b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
26899b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
26909b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
26919b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
26929b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
26939b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
26949b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26959b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
26969b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
26979b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eac pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
26989b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
26999b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
27009b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
27019b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
27029b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27039b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
27049b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
27059b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27069b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27079b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27089b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
27099b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
27109b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee0 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
27119b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
27129b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
27139b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
27149b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
27159b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27169b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27179b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
27189b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
27199b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27209b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27219b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27229b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27239b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27249b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27259b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27269b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27279b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27289b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27299b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27309b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27319b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27329b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
27339b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27349b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefa620000 LB 0x0003b000 C:\windows\system32\wdmaud.drv [fFlags=0x0]
27359b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27369b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
27379b84.a4e8: supR3HardenedDllNotificationCallback: load 00000000754a0000 LB 0x00006000 C:\windows\system32\ksuser.dll [fFlags=0x0]
27389b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
27399b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
27409b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefbed0000 LB 0x00009000 C:\windows\system32\AVRT.dll [fFlags=0x0]
27419b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
27429b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\windows\system32\wdmaud.drv'
27439b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27449b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
27459b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\windows\system32\wdmaud.drv'
27469b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27479b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d330:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
27489b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\windows\system32\wdmaud.drv'
27499b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27509b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d180:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
27519b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\windows\system32\wdmaud.drv'
27529b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27539b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d180:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
27549b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\windows\system32\wdmaud.drv'
27559b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef4 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
27569b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
27579b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
27589b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
27599b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
27609b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27619b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27629b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
27639b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
27649b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
27659b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
27669b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
27679b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
27689b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
27699b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
27709b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27719b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27729b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27739b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27749b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27759b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27769b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27779b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27789b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27799b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27809b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27819b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27829b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27839b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27849b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27859b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d180:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
27869b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
27879b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefa530000 LB 0x0004f000 C:\windows\system32\AUDIOSES.DLL [fFlags=0x0]
27889b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
27899b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa530000 'C:\windows\system32\AUDIOSES.DLL'
27909b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27919b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325d180:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
27929b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\windows\system32\wdmaud.drv'
27939b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27949b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
27959b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\windows\system32\wdmaud.drv'
27969b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\windows\system32\wdmaud.drv'
27979b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed0 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
27989b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
27999b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
28009b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
28019b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
28029b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28039b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28049b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
28059b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
28069b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
28079b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
28089b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
28099b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28109b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28119b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28129b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28139b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
28149b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
28159b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f10 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
28169b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
28179b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
28189b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
28199b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
28209b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28219b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28229b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28239b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
28249b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
28259b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
28269b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
28279b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28289b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28299b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28309b84.a4e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28319b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28329b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28339b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28349b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28359b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28369b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28379b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28389b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28399b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28409b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28419b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28429b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28439b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28449b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28459b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28469b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28479b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefa4c0000 LB 0x0000a000 C:\windows\system32\msacm32.drv [fFlags=0x0]
28489b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28499b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28509b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefa4a0000 LB 0x00018000 C:\windows\system32\MSACM32.dll [fFlags=0x0]
28519b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28529b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28539b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28549b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28559b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28569b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28579b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28589b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28599b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28609b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28619b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28629b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28639b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28649b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28659b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28669b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28679b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28689b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28699b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28709b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28719b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28729b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28739b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\windows\system32\msacm32.drv'
28749b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f08 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
28759b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
28769b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
28779b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
28789b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
28799b84.a4e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28809b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28819b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
28829b84.a4e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
28839b84.a4e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
28849b84.a4e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
28859b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28869b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28879b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28889b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28899b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28909b84.a4e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28919b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28929b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28939b84.a4e8: supR3HardenedDllNotificationCallback: load 000007fefa490000 LB 0x00009000 C:\windows\system32\midimap.dll [fFlags=0x0]
28949b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28959b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa490000 'C:\windows\system32\midimap.dll'
28969b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28979b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
28989b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa490000 'C:\windows\system32\midimap.dll'
28999b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
29009b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29019b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa490000 'C:\windows\system32\midimap.dll'
29029b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
29039b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29049b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa490000 'C:\windows\system32\midimap.dll'
29059b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29069b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29079b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29089b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde80000 'C:\windows\system32\ole32.dll'
29099b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29109b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29119b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29129b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000325cc70:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29139b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29149b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29159b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef46a0:C:\windows\System32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29169b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3af0000 'C:\windows\System32\dsound.dll'
29179b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29189b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29199b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29209b84.a4c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29219b84.a4c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef4a10:C:\windows\System32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29229b84.a4c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa530000 'C:\windows\System32\audioses.dll'
29239b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29249b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\winmm.dll'
29259b84.a4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
29269b84.a4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29279b84.a4e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
29289b84.a4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077940000 'C:\windows\system32/kernel32.dll'
29299b84.8d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\windows\system32\OLEAUT32.dll'
29309b84.9c60: supR3HardenedMonitor_LdrLoadDll: 'C:\windows\system32\comctl32.dll' -> 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
29319b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
29329b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
29339b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
29349b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
29359b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
29369b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
29379b84.9c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29389b84.9c60: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
29399b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000325d720:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29409b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7320000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
29419b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
29429b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000ef4800:C:\windows\system32;C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29439b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe250000 'C:\windows\system32\MSCTF.dll'
29449b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde80000 'C:\windows\system32\ole32.dll'
29459b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006f4 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
29469b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
29479b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
29489b84.a008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
29499b84.a008: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29509b84.a008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd920000 'C:\windows\system32\WINTRUST.DLL'
29519b84.a008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
29529b84.a008: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000080e450:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29539b84.a008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\windows\system32\CRYPT32.dll'
29549b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8E5754748E0E000AB425BF2AEB177780FB43945
29559b84.a008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ea0000 'C:\windows\system32\cryptnet.dll'
29569b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2888049~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
29579b84.a008: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29589b84.a008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29599b84.a008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
29609b84.a008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
29619b84.a008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
29629b84.a008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
29639b84.a008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
29649b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29659b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29669b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29679b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29689b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29699b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29709b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29719b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29729b84.a008: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29739b84.a008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
29749b84.a008: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x00055000 C:\windows\system32\mswsock.dll [fFlags=0x0]
29759b84.a008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
29769b84.a008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfe0000 'C:\windows\system32\mswsock.dll'
29779b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000106c pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
29789b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000852a50
29799b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000852a50
29809b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
29819b84.a008: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
29829b84.a008: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29839b84.a008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
29849b84.a008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
29859b84.a008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
29869b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29879b84.a008: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29889b84.a008: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080dd00:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29899b84.a008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
29909b84.a008: supR3HardenedDllNotificationCallback: load 000007fefc430000 LB 0x00007000 C:\windows\System32\wshtcpip.dll [fFlags=0x0]
29919b84.a008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
29929b84.a008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc430000 'C:\windows\System32\wshtcpip.dll'
29939b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077840000 'C:\windows\system32\user32.dll'
29949b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa660000 'C:\windows\system32\WINMM.dll'
29959b84.9c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
29969b84.9c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003236620:C:\Program Files\Oracle\VirtualBox;C:\windows\system32 [calling]
29979b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32\shell32.dll'
29989b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32\shell32.dll'
29999b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32\shell32.dll'
30009b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32\shell32.dll'
30019b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32\shell32.dll'
30029b84.9c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe9c0000 'C:\windows\system32\shell32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy